golang.org/x/image
Go
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting golang.org/x/image (page 1 of 1)
- CVE-2022-41727 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 0.5.0 | 2023-02-28
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
- CVE-2023-29407 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 0.10.0 | 2023-08-02
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
- CVE-2023-29408 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 0.10.0 | 2023-08-02
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amoun…
- CVE-2024-24792 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.18.0 | 2024-06-27
Parsing a corrupt or malicious image with invalid color indices can cause a panic.
- CVE-2026-33809 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.38.0 | 2026-03-25
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
- CVE-2026-33812 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 0.39.0 | 2026-04-21
Parsing a malicious font file can cause excessive memory allocation.
- CVE-2026-33813 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 0.39.0 | 2026-04-21
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.