CVE Field Guide
About Us
CVE-2026-33813
PUBLISHED
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Assigner:
Go
Reserved:
23.03.2026
Published:
21.04.2026
Updated:
21.04.2026
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
Product Status
Vendor
golang.org/x/image
Product
golang.org/x/image/webp
Versions
Default:
unaffected
affected from 0 to 0.39.0 (excl.)
Credits
Tristan Madani
References
https://go.dev/cl/759860
https://go.dev/issue/78407
https://pkg.go.dev/vuln/GO-2026-4961
Problem Types
CWE-190: Integer Overflow or Wraparound