Home

Description

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

PUBLISHED Reserved 2026-03-23 | Published 2026-03-25 | Updated 2026-04-06 | Assigner Go

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

Default status
unaffected

Any version before 0.38.0
affected

Credits

Andy Gill, ZephrSec Ltd

References

go.dev/cl/757660

go.dev/issue/78267

pkg.go.dev/vuln/GO-2026-4815

cve.org (CVE-2026-33809)

nvd.nist.gov (CVE-2026-33809)

Download JSON