HIGH 7.5
GHSA-q675-qj96-32m9
golang.org/x/image/tiff has excessive resource consumption in PackBits decompression
Details
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.
Are you affected?
Enter the version of the package you're using.