CVE Field Guide
About Us
CVE-2026-46604
PUBLISHED
Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
Assigner:
Go
Reserved:
15.05.2026
Published:
26.06.2026
Updated:
26.06.2026
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
Product Status
Vendor
golang.org/x/image
Product
golang.org/x/image/tiff
Versions
Default:
unaffected
affected from 0 to 0.43.0 (excl.)
Credits
sorte
References
https://go.dev/cl/788421
https://go.dev/issue/80122
https://pkg.go.dev/vuln/GO-2026-5066
Problem Types
CWE-125: Out-of-bounds Read