Home

Description

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-21 | Updated 2026-04-22 | Assigner Go

Problem types

CWE-190: Integer Overflow or Wraparound

Product status

Default status
unaffected

Any version before 0.39.0
affected

Credits

Tristan Madani

References

go.dev/cl/759860

go.dev/issue/78407

pkg.go.dev/vuln/GO-2026-4961

cve.org (CVE-2026-33813)

nvd.nist.gov (CVE-2026-33813)

Download JSON