Skip to main content

Golang Org X Image Webp

2 CVEs product

Monthly

CVE-2026-46601 Go HIGH PATCH This Week

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

Information Disclosure Golang Org X Image Webp Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-33813 Go HIGH PATCH This Week

Denial of service in Go's x/image/webp library allows remote attackers to crash 32-bit applications by sending specially crafted WEBP images with invalid large size values, triggering runtime panic. Vendor patch released (version 0.39.0) with low EPSS score (0.02%) indicating minimal observed exploitation activity. Despite network vector and no authentication requirements (CVSS AV:N/PR:N), exploitation is platform-specific to 32-bit architectures only.

Information Disclosure Golang Org X Image Webp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

Information Disclosure Golang Org X Image Webp Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Go's x/image/webp library allows remote attackers to crash 32-bit applications by sending specially crafted WEBP images with invalid large size values, triggering runtime panic. Vendor patch released (version 0.39.0) with low EPSS score (0.02%) indicating minimal observed exploitation activity. Despite network vector and no authentication requirements (CVSS AV:N/PR:N), exploitation is platform-specific to 32-bit architectures only.

Information Disclosure Golang Org X Image Webp
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy