CVE-2023-29407

Public on 2023-08-02
Modified on 2024-03-28
Description
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
Severity
Medium severity
Medium
CVSS v3 Base Score
4.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Not Affected
Amazon Linux 2023 amazon-cloudwatch-agent Not Affected
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2023 amazon-ecr-credential-helper Not Affected
Amazon Linux 1 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core amazon-ssm-agent Not Affected
Amazon Linux 2023 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core cni-plugins Not Affected
Amazon Linux 2023 cni-plugins Not Affected
Amazon Linux 1 containerd Not Affected
Amazon Linux 2 - Docker Extra containerd Not Affected
Amazon Linux 2 - Ecs Extra containerd Not Affected
Amazon Linux 2023 containerd Not Affected
Amazon Linux 2 - Core cri-tools Not Affected
Amazon Linux 1 docker Not Affected
Amazon Linux 2 - Docker Extra docker Not Affected
Amazon Linux 2 - Ecs Extra docker Not Affected
Amazon Linux 2023 docker Not Affected
Amazon Linux 1 ecs-init Not Affected
Amazon Linux 2 - Ecs Extra ecs-init Not Affected
Amazon Linux 2023 ecs-init Not Affected
Amazon Linux 1 golang Not Affected
Amazon Linux 2 - Core golang Not Affected
Amazon Linux 2023 golang Not Affected
Amazon Linux 1 golist Not Affected
Amazon Linux 2 - Core golist Not Affected
Amazon Linux 2023 lynis Not Affected
Amazon Linux 2 - Core nerdctl Not Affected
Amazon Linux 2023 nerdctl Not Affected
Amazon Linux 2 - Docker Extra oci-add-hooks Not Affected
Amazon Linux 2023 oci-add-hooks Not Affected
Amazon Linux 2 - Core rclone Not Affected
Amazon Linux 1 runc Not Affected
Amazon Linux 2 - Docker Extra runc Not Affected
Amazon Linux 2 - Ecs Extra runc Not Affected
Amazon Linux 2023 runc Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H