New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Go

Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

GO-2026-5032 · CVE-2026-46599 · GHSA-q675-qj96-32m9

Published · Modified

Description

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.

Ready to move

Start Securing

Free, no credit card | First findings in minutes