tiff: limit work when decoding malicious images

Fix two paths by which a malicious image could cause unreasonable
amounts of CPU consumption while decoding.

Avoid iterating over every horizontal pixel when decoding
a 0-height tiled image.

Limit the amount of data that will be decompressed per tile.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

Fixes CVE-2023-29407
Fixes CVE-2023-29408
Fixes golang/go#61581
Fixes golang/go#61582

Change-Id: I8cbb26fa06843c6fe9fa99810cb1315431fa7d1d
Reviewed-on: https://go-review.googlesource.com/c/image/+/514897
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
2 files changed
tree: 80708a70ece47550e0848a21267d7657037dc65c
  1. bmp/
  2. ccitt/
  3. cmd/
  4. colornames/
  5. draw/
  6. example/
  7. font/
  8. math/
  9. riff/
  10. testdata/
  11. tiff/
  12. vector/
  13. vp8/
  14. vp8l/
  15. webp/
  16. .gitattributes
  17. .gitignore
  18. codereview.cfg
  19. CONTRIBUTING.md
  20. go.mod
  21. go.sum
  22. LICENSE
  23. PATENTS
  24. README.md
README.md

Go Images

Go Reference

This repository holds supplementary Go image libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/image/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/image.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the image repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.