The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
Parsing a corrupt or malicious image with invalid color indices can cause a panic.