CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

CVE-2026-33809

CVE-2026-33809 affects the Go TIFF decoder in golang.org/x/image/tiff. A malicious TIFF file can trigger image decoding to attempt to allocate up to 4 GiB of memory via an oversized IFD offset, leading to excessive resource consumption or an out-of-memory error. The provided connected documents c...

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

GO-2026-4815 OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

SUSE-RU-2026:1001-1 Recommended update for rust1.94

This update for rust1.94 fixes the following issues: This update adds rust1.94. Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 - CVE-2026-31812: avoid unwrapping varint decoding during parameters parsing bsc1259623...

PT-2026-28086

Name of the Vulnerable Software and Affected Versions LibTIFF affected versions not specified Description A specially designed TIFF file can trigger an out-of-memory error or excessive resource usage during image decoding. The issue arises from the image decoding process attempting to allocate up...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from specially crafted TIFF files that may cause excessive memory allocation during image...

CVE-2026-33474

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

CVE-2026-33474

The CVE-2026-33474 entry maps to a DoS via image preview generation in Vikunja. The attached advisory details an unbounded image decoding and resizing path during preview creation that can exhaust CPU and memory when handling highly compressed, very large-dimension images. Affected code paths inc...

CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

CVE-2026-33474

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

Vikunja 资源管理错误漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 1.0.0-rc0 to 2.2.0 contained a resource management vulnerability. This vulnerability stemmed from unlimited image decoding and resizing during preview generation, which could lead to CPU and memo...

Out-of-bounds Read

Overview github.com/shamaton/msgpack/v3/internal/decoding is a None Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially...

cbor2 安全漏洞

cbor2 is a binary object representation serialization format encoding and decoding library developed by Alex Grönholm as an individual developer. Versions of cbor2 prior to 5.9.0 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled recursion when decoding deeply...

GHSA-72GR-QFP7-VWHW h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`

Summary The serveStatic utility in h3 applies a redundant decodeURI call to the request pathname after H3Event has already performed percent-decoding with %25 preservation. This double decoding converts %252e%252e into %2e%2e, which bypasses resolveDotSegments since it checks for literal...

h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`

Summary The serveStatic utility in h3 applies a redundant decodeURI call to the request pathname after H3Event has already performed percent-decoding with %25 preservation. This double decoding converts %252e%252e into %2e%2e, which bypasses resolveDotSegments since it checks for literal...

Vikunja Affected by DoS via Image Preview Generation

Summary - Vulnerability: Unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. - Affected code: - Decoding without bounds: taskattachment.go:GetPreview - Resizing path: resizeImage -...