3 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of limits on the size of PackBits-compressed data during decompression. An attacker can cause excessive resource consumption by submitting a specially crafted image...
CVE-2026-46599 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height and encoded size to make the decoder decode large amounts of compressed data...
CVE-2026-33812
CVE-2026-33812 affects golang.org/x/image, where parsing a malicious SFNT font can trigger excessive memory allocation. The connected CVE listing confirms the issue is caused by decoding a malicious font file (SFNT) and identifies golang.org/x/image as the affected component. The provided documen...