CVE-2026-33809 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33809 PUBLISHED CVSS 5.300000190734863 MEDIUM

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

EPSS 0.03% · 7.6th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.03%

7.6th percentile

Affected Products

Vendor	Product	Versions
golang.org	x/image	0
golang.org/x/image	golang.org/x/image/tiff	0, 0, 0

Timeline

Mar 25, 2026 CVE Published
Mar 25, 2026 Coalition ESS Score
Mar 25, 2026 PoC Published
Mar 28, 2026 EPSS Score
Mar 29, 2026 Security Advisory
Mar 30, 2026 CVE Updated

References

https://go.dev/cl/757660 technical
https://go.dev/issue/78267 technical
https://pkg.go.dev/vuln/GO-2026-4815 technical
https://nvd.nist.gov/vuln/detail/CVE-2026-33809 advisory
https://cs.opensource.google/go/x/image package

Open in Interactive Console →