Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bep/imagemeta allows excessively large EXIF data structures
Vulnerability Description
bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. The EXIF data format allows for defining excessively large data structures in relatively small payloads. Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.10.0 added LimitNumTags (default 5000) and LimitTagSize (default 10000) options.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
imagemeta 安全漏洞
Vulnerability Description
imagemeta是Bjørn Erik Pedersen个人开发者的一个Go库。用于从JPEG、TIFF、PNG和WebP文件中读取EXIF、IPTC和XMP图像元数据。 imagemeta v0.10.0之前版本存在安全漏洞,该漏洞源于未限制EXIF数据标签数量和大小,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A