Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-46599
PUBLISHED
More InfoOfficial Page
Assigner-Go
Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc
View Known Exploited Vulnerability (KEV) details
Published At-29 May, 2026 | 19:35
Updated At-01 Jun, 2026 | 14:44
Rejected At-
▼CVE Numbering Authority (CNA)
Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.

Affected Products
Vendor
golang.org/x/image
Product
golang.org/x/image/tiff
Collection URL
https://pkg.go.dev
Package Name
golang.org/x/image/tiff
Program Routines
  • unpackBits
  • Decode
Default Status
unaffected
Versions
Affected
  • From 0 before 0.41.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-770: Allocation of Resources Without Limits or Throttling
Type: N/A
CWE ID: N/A
Description: CWE-770: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Uuganbayar Lkhamsuren
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://go.dev/issue/79577
N/A
https://go.dev/cl/759960
N/A
https://groups.google.com/g/golang-announce/c/uhYX90BlBvI
N/A
https://pkg.go.dev/vuln/GO-2026-5032
N/A
Hyperlink: https://go.dev/issue/79577
Resource: N/A
Hyperlink: https://go.dev/cl/759960
Resource: N/A
Hyperlink: https://groups.google.com/g/golang-announce/c/uhYX90BlBvI
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2026-5032
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770 Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found