Browse all 7 CVE security advisories affecting golang.org/x/image. AI-powered Chinese analysis, POCs, and references for each vulnerability.
golang.org/x/image is a Go library providing image processing capabilities for developers. The library has historically been vulnerable to memory corruption issues, including buffer overflows and use-after-free vulnerabilities, which could lead to remote code execution in applications processing untrusted image data. While no major public incidents have been documented, the 7 CVEs recorded highlight risks in parsing malformed image files. Security researchers have identified vulnerabilities in handling various image formats, particularly in the tiff and gif packages, where insufficient input validation could allow attackers to execute arbitrary code through specially crafted image files.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33812 | Excessive memory allocation when decoding malicious SFNT in golang.org/x/image — golang.org/x/image/font/sfnt | 5.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-33813 | Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image — golang.org/x/image/webp | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-33809 | OOM from malicious IFD offset in golang.org/x/image/tiff — golang.org/x/image/tiff | 5.5 | - | 2026-03-25 |
| CVE-2024-24792 | Panic when parsing invalid palette-color images in golang.org/x/image — golang.org/x/image/tiff | 6.5 (AI) | Medium (AI) | 2024-06-27 |
| CVE-2023-29407 | Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff — golang.org/x/image/tiff | 5.5 | - | 2023-08-02 |
| CVE-2023-29408 | Excessive resource consumption in golang.org/x/image/tiff — golang.org/x/image/tiff | 5.5 | - | 2023-08-02 |
| CVE-2022-41727 | Denial of service via crafted TIFF image in golang.org/x/image/tiff — golang.org/x/image/tiff | 5.5 | - | 2023-02-28 |
This page lists every published CVE security advisory associated with golang.org/x/image. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.