VDB
GO-2026-4962
GO-2026-4962
PUBLISHED
Excessive memory allocation when decoding malicious SFNT in golang.org/x/image
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| golang.org | x/image | 0, 0 |
Timeline
- Apr 21, 2026 CVE Published
- May 14, 2026 CVE Updated
References
- https://go.dev/cl/761180 patch
- https://go.dev/issue/78382 report