-
Byte Open Security
(ByteOS Network)
Log In
Sign Up
CVE Vulnerability Details :
CVE-2026-46604
PUBLISHED
More Info
Official Page
Assigner
-
Go
Assigner Org ID
-
1bb62c36-49e3-4200-9d77-64a1400537cc
View Known Exploited Vulnerability (KEV) details
Published At
-
26 Jun, 2026 | 20:22
Updated At
-
29 Jun, 2026 | 13:20
Rejected At
-
▼
CVE Numbering Authority (CNA)
Panic decoding image with out-of-bounds strip offset in x/image/tiff in golang.org/x/image
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
Affected Products
Vendor
golang.org/x/image
Product
golang.org/x/image/tiff
Collection URL
https://pkg.go.dev
Package Name
golang.org/x/image/tiff
Program Routines
Decode
Default Status
unaffected
Versions
Affected
From
0
before
0.43.0
(semver)
Problem Types
Type
CWE ID
Description
N/A
N/A
CWE-125: Out-of-bounds Read
Type:
N/A
CWE ID:
N/A
Description:
CWE-125: Out-of-bounds Read
Metrics
Version
Base score
Base severity
Vector
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
sorte
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
https://go.dev/cl/788421
N/A
https://go.dev/issue/80122
N/A
https://pkg.go.dev/vuln/GO-2026-5066
N/A
Hyperlink:
https://go.dev/cl/788421
Resource:
N/A
Hyperlink:
https://go.dev/issue/80122
Resource:
N/A
Hyperlink:
https://pkg.go.dev/vuln/GO-2026-5066
Resource:
N/A
▼
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
Version
Base score
Base severity
Vector
3.1
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version:
3.1
Base score:
7.5
Base severity:
HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
Details not found