Register | Log in

golang-golang-x-image

supplementary Go image libraries

Choose email to subscribe with

general

source: golang-golang-x-image (main)
version: 0.35.0-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Anthony Fok [DMD] – Dr. Tobias Quathamer [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.0~git20200119.58c2397-1
oldstable: 0.5.0-1
stable: 0.18.0-1
testing: 0.35.0-1
unstable: 0.35.0-1

versioned links

0.0~git20200119.58c2397-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.5.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.18.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.35.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-golang-x-image-dev

action needed

4 security issues in buster high

There are 4 open security issues in buster.

1 important issue:

CVE-2024-24792: Parsing a corrupt or malicious image with invalid color indices can cause a panic.

3 issues postponed or untriaged:

CVE-2022-41727: (postponed; to be fixed through a stable update) An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
CVE-2023-29408: (postponed; to be fixed through a stable update) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

Created: 2024-06-28 Last update: 2024-06-28 15:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-02-02 Last update: 2026-02-03 01:31

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-17 Last update: 2025-10-17 09:31

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2023-29407: (needs triaging) A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
CVE-2023-29408: (needs triaging) The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
CVE-2024-24792: (needs triaging) Parsing a corrupt or malicious image with invalid color indices can cause a panic.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-08-04 Last update: 2026-02-02 08:01

news

[2026-02-02] golang-golang-x-image 0.35.0-1 MIGRATED to testing (Debian testing watch)
[2026-01-30] Accepted golang-golang-x-image 0.35.0-1 (source) into unstable (Dr. Tobias Quathamer)
[2025-10-19] golang-golang-x-image 0.32.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-19] golang-golang-x-image 0.32.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-16] Accepted golang-golang-x-image 0.32.0-1 (source) into unstable (Dr. Tobias Quathamer)
[2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-12] golang-golang-x-image 0.18.0-1 MIGRATED to testing (Debian testing watch)
[2024-08-10] Accepted golang-golang-x-image 0.18.0-1 (source) into unstable (Anthony Fok)
[2024-05-23] golang-golang-x-image 0.16.0-1 MIGRATED to testing (Debian testing watch)
[2024-05-21] Accepted golang-golang-x-image 0.16.0-1 (source) into unstable (Anthony Fok)
[2024-02-26] golang-golang-x-image 0.15.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-24] Accepted golang-golang-x-image 0.15.0-1 (source) into unstable (Anthony Fok)
[2023-12-11] golang-golang-x-image 0.14.0-1 MIGRATED to testing (Debian testing watch)
[2023-12-08] Accepted golang-golang-x-image 0.14.0-1 (source) into unstable (Anthony Fok)
[2023-11-03] golang-golang-x-image 0.13.0-1 MIGRATED to testing (Debian testing watch)
[2023-11-01] Accepted golang-golang-x-image 0.13.0-1 (source) into unstable (Anthony Fok)
[2023-10-15] golang-golang-x-image 0.12.0-1 MIGRATED to testing (Debian testing watch)
[2023-10-12] Accepted golang-golang-x-image 0.12.0-1 (source) into unstable (Anthony Fok)
[2023-10-10] Accepted golang-golang-x-image 0.11.0-1 (source) into unstable (Anthony Fok)
[2023-10-09] Accepted golang-golang-x-image 0.9.0-1 (source) into unstable (Anthony Fok)
[2023-09-23] golang-golang-x-image 0.8.0-1 MIGRATED to testing (Debian testing watch)
[2023-09-21] Accepted golang-golang-x-image 0.8.0-1 (source) into unstable (Anthony Fok)
[2023-07-01] golang-golang-x-image 0.7.0-1 MIGRATED to testing (Debian testing watch)
[2023-06-29] Accepted golang-golang-x-image 0.7.0-1 (source) into unstable (Anthony Fok)
[2023-02-25] golang-golang-x-image 0.5.0-1 MIGRATED to testing (Debian testing watch)
[2023-02-15] Accepted golang-golang-x-image 0.5.0-1 (source) into unstable (Shengjing Zhu)
[2023-01-05] golang-golang-x-image 0.2.0-1 MIGRATED to testing (Debian testing watch)
[2023-01-02] Accepted golang-golang-x-image 0.2.0-1 (source) into unstable (Shengjing Zhu)
[2022-10-28] golang-golang-x-image 0.1.0-1 MIGRATED to testing (Debian testing watch)
[2022-10-26] Accepted golang-golang-x-image 0.1.0-1 (source) into unstable (Shengjing Zhu)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.35.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing