CVE-2026-42500 PUBLISHED

Panic when reading out of bound palette index in golang.org/x/image/bmp

Assigner: Go
Reserved: 28.04.2026 Published: 29.05.2026 Updated: 29.05.2026

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

Product Status

Vendor golang.org/x/image
Product golang.org/x/image/bmp
Versions Default: unaffected
  • affected from 0 to 0.41.0 (excl.)

Problem Types

  • CWE-129: Improper Validation of Array Index
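
As an added example (not code from golang.org/x/image or from its fix), the Go program below shows the condition described above using only the standard library: it checks that every pixel index of an `*image.Paletted` has a palette entry before any pixel is read. The names `checkPaletteIndices`, `constructedImage` and `atPanics` are hypothetical, the image is built in memory rather than decoded from a file, and it assumes the decoder hands back an `*image.Paletted` for paletted input.

```go
package main

import (
	"fmt"
	"image"
	"image/color"
)

// checkPaletteIndices (hypothetical helper, not part of golang.org/x/image)
// returns an error for the first pixel whose index has no palette entry.
func checkPaletteIndices(img image.Image) error {
	p, ok := img.(*image.Paletted)
	if !ok {
		return nil // not paletted: nothing to check
	}
	b := p.Bounds()
	for y := b.Min.Y; y < b.Max.Y; y++ {
		off := p.PixOffset(b.Min.X, y)
		for x, idx := range p.Pix[off : off+b.Dx()] {
			if int(idx) >= len(p.Palette) {
				return fmt.Errorf("pixel (%d,%d): index %d, palette has %d entries", b.Min.X+x, y, idx, len(p.Palette))
			}
		}
	}
	return nil
}

// constructedImage builds a 2x2 in-memory image with a two-colour palette
// (constructed sample). With corrupt set, pixel (1,1) gets index 7.
func constructedImage(corrupt bool) *image.Paletted {
	img := image.NewPaletted(image.Rect(0, 0, 2, 2), color.Palette{color.Black, color.White})
	if corrupt {
		img.Pix[3] = 7
	}
	return img
}

// atPanics reports whether reading pixel (x,y) panics.
func atPanics(img image.Image, x, y int) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	_ = img.At(x, y)
	return false
}

func main() {
	fmt.Println("clean:  ", checkPaletteIndices(constructedImage(false)))
	fmt.Println("corrupt:", checkPaletteIndices(constructedImage(true)))
	fmt.Println("At(1,1) panics:", atPanics(constructedImage(true), 1, 1))
}
```

Running the check on untrusted decoded images lets a service return an error instead of crashing while it is still on a version in the affected range.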