UNKNOWN Go
Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
GO-2026-5032 · CVE-2026-46599 · GHSA-q675-qj96-32m9
Published · Modified
Description
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.
References
Ready to move
Start Securing
Free, no credit card | First findings in minutes