A vulnerability in the Go standard library's TIFF decoder allows maliciously crafted images to trigger excessive memory consumption. The PackBits decompression routine lacks bounds checking on compressed data size, enabling a small input image to expand into arbitrarily large decompressed output. This represents a denial-of-service vector through resource exhaustion. The issue was addressed in Go's securi [truncated]
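The missing bound described above can be sketched as a PackBits decoder that refuses to emit more than the caller expects. This is an added example, not Go's own decoder or its fix; `unpackBitsBounded`, `maxOut` and the error names are hypothetical, and it assumes the caller derives the limit from image dimensions it has already validated.

```go
package main

import "errors"

var (
	errTooLarge  = errors.New("packbits: output exceeds expected size")
	errTruncated = errors.New("packbits: truncated input")
)

// unpackBitsBounded decodes PackBits data and refuses to emit more than maxOut
// bytes. maxOut is an assumption of this example, supplied by the caller.
func unpackBitsBounded(src []byte, maxOut int) ([]byte, error) {
	var dst []byte
	for i := 0; i < len(src); {
		n := int(int8(src[i])) // header byte is a signed count
		i++
		switch {
		case n == -128: // no-op header
		case n >= 0: // copy the next n+1 bytes literally
			count := n + 1
			if count > len(src)-i {
				return nil, errTruncated
			}
			if count > maxOut-len(dst) {
				return nil, errTooLarge // rejected before the output grows
			}
			dst = append(dst, src[i:i+count]...)
			i += count
		default: // repeat the next byte 1-n times (2..128)
			count := 1 - n
			if i >= len(src) {
				return nil, errTruncated
			}
			if count > maxOut-len(dst) {
				return nil, errTooLarge
			}
			for j := 0; j < count; j++ {
				dst = append(dst, src[i])
			}
			i++
		}
	}
	return dst, nil
}

func main() {
	_, err := unpackBitsBounded([]byte{0x81, 0xAA, 0x81, 0xAA}, 128) // constructed input
	println(err.Error())
}
```

Each two-byte repeat run expands to as many as 128 bytes, so the limit has to be checked per run rather than once against the compressed length.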
## Summary

A vulnerability in Go's image processing library causes a panic when decoding malformed paletted BMP files with out-of-range palette indices. This denial-of-service condition affects applications that process untrusted BMP images.

## Technical Details

The vulnerability exists in Go's BMP decoder when handling paletted (8-bit) BMP files. A malformed file containing palette indices that exceed th [truncated]