Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:golang/golang.org/x/image@0.10.0
purl pkg:golang/golang.org/x/image@0.10.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2uqz-va31-ubhz Golang TIFF decoder vulnerable to excessive CPU consumption A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. CVE-2023-29407
GHSA-j3p8-6mrq-6g7h
VCID-h16m-x9wr-7yem Golang TIFF decoder does not place a limit on the size of compressed tile data The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. CVE-2023-29408
GHSA-x92r-3vfx-4cv3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:58:26.520621+00:00 GithubOSV Importer Fixing VCID-h16m-x9wr-7yem https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-x92r-3vfx-4cv3/GHSA-x92r-3vfx-4cv3.json 38.0.0
2026-04-01T12:58:24.214064+00:00 GithubOSV Importer Fixing VCID-2uqz-va31-ubhz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-j3p8-6mrq-6g7h/GHSA-j3p8-6mrq-6g7h.json 38.0.0