CVE-2026-33812
PUBLISHED
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Assigner: Go
Reserved: 23.03.2026
Published: 21.04.2026
Updated: 21.04.2026
Parsing a malicious font file can cause excessive memory allocation.
Product Status
Vendor: golang.org/x/image
Product: golang.org/x/image/font/sfnt
Versions:
Default: unaffected
affected from 0 to 0.39.0 (excl.)
Credits
Andy Gill, ZephrSec Ltd
References
https://go.dev/cl/761180
https://go.dev/issue/78382
https://pkg.go.dev/vuln/GO-2026-4962
Problem Types
CWE-789: Memory Allocation with Excessive Size Value