CVE-2026-24738
Concisely, the Go library github.com/gmrtd/gmrtd’s ReadFile() is vulnerable to Denial of Service from unbounded TLV lengths before v0.17.2. Multiple sources (SUSE, Red Hat, OSV, CVE lists, GHSA advisory, Snyk) describe that ReadFile could accept TLVs up to 4 GB, causing uncontrolled memory and CP...