VDB
GO-2026-4815
GO-2026-4815
PUBLISHED
CVSS 9.300000190734863 CRITICAL
OOM from malicious IFD offset in golang.org/x/image/tiff
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| golang.org | x/image | 0, 0 |
Timeline
- Mar 25, 2026 CVE Published
- May 15, 2026 CVE Updated
References
- https://go.dev/cl/757660 patch
- https://go.dev/issue/78267 report