17 matches found
CVE-2026-46604 Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset...
CVE-2026-46604
The CVE-2026-46604 entry concerns a panic in the Go TIFF decoder (golang.org/x/image/tiff) when decoding a malformed image containing an out-of-bounds strip offset. Affected component: TIFF decoding path in golang.org/x/image/tiff. Root cause: decoding invalid TIFF data triggers a panic d...
CVE-2026-46602
The CVE-2026-46602 issue affects the TIFF decoder in golang.org/x/image: it does not enforce a limit on tile sizes in tiled TIFF images, which can lead to unbounded memory consumption when processing a malicious or corrupted image with a very large tile. This is stated across multiple sources in ...
CVE-2026-42500 Panic when reading out of bound palette index in golang.org/x/image/bmp
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...
CVE-2026-33813
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS)...
CVE-2026-33812
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted font file. Parsing this malicious file can lead to excessive memory allocation, which may result in a Denial of Service (DoS) for the affected system. Mitigation Mitigation fo...
ROS-20260430-73-0006
Vulnerability in golang-x-image related to unrestricted download of dangerous file types. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2026-33812 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Parsing a malicious font file can cause excessive memory allocation...
CVE-2026-33813
CVE-2026-33813 affects decoding of WEBP images in golang.org/x/image. The issue occurs when parsing a WEBP image with an invalid, large size on 32-bit platforms, causing a panic. Connected sources corroborate that this is a panic condition specific to large/invalid sizes on 32-bit architectures; ...
CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
GO-2026-4962 Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Parsing a malicious font file can cause excessive memory allocation...
GO-2026-4961 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
CVE-2026-33809
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource...
CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...
CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...
CVE-2024-24792 Panic when parsing invalid palette-color images in golang.org/x/image
Parsing a corrupt or malicious image with invalid color indices can cause a panic...
Denial Of Service (DoS)
github.com/golang/image is vulnerable to Denial of Service (DoS) attacks. An attacker is able to consume a significant amount of memory through the DecodeConfig component when passed a malformed TIFF image, resulting in an application crash...