Skip to main content

Golang Org X Image Tiff

4 CVEs product

Monthly

CVE-2026-46604 Go HIGH PATCH This Week

Denial of service in the Go golang.org/x/image/tiff decoder allows remote attackers to crash any application that parses untrusted TIFF images. A maliciously crafted image with an out-of-bounds strip offset triggers a panic in the decoder, terminating the goroutine or process (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating no observed mass exploitation, but the bug is trivially triggerable wherever the library decodes attacker-supplied images.

Buffer Overflow Golang Org X Image Tiff Memory Corruption
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-46602 Go HIGH PATCH This Week

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

Information Disclosure Golang Org X Image Tiff
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-46599 Go HIGH POC PATCH GHSA This Week

Denial-of-service in the Go golang.org/x/image/tiff package (versions before 0.41.0) allows remote attackers to exhaust memory or CPU by submitting a small, maliciously-crafted TIFF image whose PackBits-compressed stream decodes to disproportionately large output. Any Go service that parses untrusted TIFF input via this library is exposed; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Golang Org X Image Tiff
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33809 Go MEDIUM PATCH This Month

Memory exhaustion in TIFF image processing allows unauthenticated remote attackers to trigger allocation of up to 4GiB of memory by submitting malicious image files, resulting in denial of service through resource depletion or application crashes. Affected systems lack available patches, leaving deployed instances vulnerable to this attack vector requiring only network access and no user interaction.

File Upload Golang Org X Image Tiff
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Go golang.org/x/image/tiff decoder allows remote attackers to crash any application that parses untrusted TIFF images. A maliciously crafted image with an out-of-bounds strip offset triggers a panic in the decoder, terminating the goroutine or process (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis, and EPSS is low (0.17%, 7th percentile), indicating no observed mass exploitation, but the bug is trivially triggerable wherever the library decodes attacker-supplied images.

Buffer Overflow Golang Org X Image Tiff Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

Information Disclosure Golang Org X Image Tiff
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial-of-service in the Go golang.org/x/image/tiff package (versions before 0.41.0) allows remote attackers to exhaust memory or CPU by submitting a small, maliciously-crafted TIFF image whose PackBits-compressed stream decodes to disproportionately large output. Any Go service that parses untrusted TIFF input via this library is exposed; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Golang Org X Image Tiff
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion in TIFF image processing allows unauthenticated remote attackers to trigger allocation of up to 4GiB of memory by submitting malicious image files, resulting in denial of service through resource depletion or application crashes. Affected systems lack available patches, leaving deployed instances vulnerable to this attack vector requiring only network access and no user interaction.

File Upload Golang Org X Image Tiff
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy