2 matches found
CVE-2026-46602 Lack of limit on tile sizes in x/image/tiff in golang.org/x/image
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption...
CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory...