CVE-2026-33809
CVE-2026-33809 affects the Go TIFF decoder in golang.org/x/image/tiff. A malicious TIFF file can trigger image decoding to attempt to allocate up to 4 GiB of memory via an oversized IFD offset, leading to excessive resource consumption or an out-of-memory error. The provided connected documents c...