ByteOS Network

CVE Vulnerability Details :

CVE-2026-33809

PUBLISHED

More Info Official Page

Assigner-Go

Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc

Published At-25 Mar, 2026 | 18:24

Updated At-06 Apr, 2026 | 21:12

▼CVE Numbering Authority (CNA)

OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

Affected Products

Vendor

golang.org/x/image

Product

golang.org/x/image/tiff

Collection URL

https://pkg.go.dev

Package Name

golang.org/x/image/tiff

Program Routines

buffer.fill
buffer.ReadAt
Decode
DecodeConfig
buffer.Slice

Default Status

unaffected

Versions

Affected

From 0 before 0.38.0 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-400: Uncontrolled Resource Consumption

Type: N/A

CWE ID: N/A

Description: CWE-400: Uncontrolled Resource Consumption

Credits

Andy Gill, ZephrSec Ltd

References

Hyperlink	Resource
https://go.dev/cl/757660	N/A
https://go.dev/issue/78267	N/A
https://pkg.go.dev/vuln/GO-2026-4815	N/A

Hyperlink: https://go.dev/cl/757660

Resource: N/A

Hyperlink: https://go.dev/issue/78267

Resource: N/A

Hyperlink: https://pkg.go.dev/vuln/GO-2026-4815

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References