VulnerableCode Package Details - pkg:deb/debian/golang-golang-x-image@0.0~git20200119.58c2397-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2uqz-va31-ubhz Aliases: CVE-2023-29407 GHSA-j3p8-6mrq-6g7h	Golang TIFF decoder vulnerable to excessive CPU consumption A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.	0.18.0-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4wx3-ary7-2be6 Aliases: CVE-2026-33812	Parsing a malicious font file can cause excessive memory allocation.	0.32.0-1 Affected by 0 other vulnerabilities.
VCID-6vp5-c27t-zkhh Aliases: CVE-2026-33813	Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.	0.32.0-1 Affected by 0 other vulnerabilities.
VCID-fj7w-564m-yuca Aliases: CVE-2024-24792 GHSA-9phm-fm57-rhg8	Panic when parsing invalid palette-color images in golang.org/x/image Parsing a corrupt or malicious image with invalid color indices can cause a panic.	0.18.0-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-h16m-x9wr-7yem Aliases: CVE-2023-29408 GHSA-x92r-3vfx-4cv3	Golang TIFF decoder does not place a limit on the size of compressed tile data The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.	0.18.0-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x59b-qzje-7qf9 Aliases: CVE-2022-41727 GHSA-qgc7-mgm3-q253	Uncontrolled Resource Consumption in golang.org/x/image An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.	0.5.0-1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yj5c-4wbb-gbcx Aliases: CVE-2026-33809 GHSA-44p7-9xx4-hf2g	Go Images vulnerable to an out-of-memory error via a crafted TIFF file A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.	0.32.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2uqz-va31-ubhz
Aliases:
CVE-2023-29407
GHSA-j3p8-6mrq-6g7h

Golang TIFF decoder vulnerable to excessive CPU consumption A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

0.18.0-1
Affected by 3 other vulnerabilities.

VCID-4wx3-ary7-2be6
Aliases:
CVE-2026-33812

Parsing a malicious font file can cause excessive memory allocation.

0.32.0-1
Affected by 0 other vulnerabilities.

VCID-6vp5-c27t-zkhh
Aliases:
CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

0.32.0-1
Affected by 0 other vulnerabilities.

VCID-fj7w-564m-yuca
Aliases:
CVE-2024-24792
GHSA-9phm-fm57-rhg8

Panic when parsing invalid palette-color images in golang.org/x/image Parsing a corrupt or malicious image with invalid color indices can cause a panic.

0.18.0-1
Affected by 3 other vulnerabilities.

VCID-h16m-x9wr-7yem
Aliases:
CVE-2023-29408
GHSA-x92r-3vfx-4cv3

Golang TIFF decoder does not place a limit on the size of compressed tile data The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

0.18.0-1
Affected by 3 other vulnerabilities.

VCID-x59b-qzje-7qf9
Aliases:
CVE-2022-41727
GHSA-qgc7-mgm3-q253

Uncontrolled Resource Consumption in golang.org/x/image An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

0.5.0-1
Affected by 6 other vulnerabilities.

VCID-yj5c-4wbb-gbcx
Aliases:
CVE-2026-33809
GHSA-44p7-9xx4-hf2g

Go Images vulnerable to an out-of-memory error via a crafted TIFF file A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

0.32.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-02T03:07:52.115743+00:00	Debian Importer	Affected by	VCID-yj5c-4wbb-gbcx	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-02T01:32:31.145767+00:00	Debian Importer	Affected by	VCID-6vp5-c27t-zkhh	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T23:13:01.396944+00:00	Debian Importer	Affected by	VCID-x59b-qzje-7qf9	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:45:36.359064+00:00	Debian Importer	Affected by	VCID-fj7w-564m-yuca	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T22:35:39.117093+00:00	Debian Importer	Affected by	VCID-4wx3-ary7-2be6	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T21:58:44.621630+00:00	Debian Importer	Affected by	VCID-h16m-x9wr-7yem	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-01T21:45:11.593215+00:00	Debian Importer	Affected by	VCID-2uqz-va31-ubhz	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-04-29T12:47:08.643926+00:00	Debian Importer	Affected by	VCID-h16m-x9wr-7yem	https://security-tracker.debian.org/tracker/data/json	38.5.0
2026-04-29T12:37:36.246024+00:00	Debian Importer	Affected by	VCID-2uqz-va31-ubhz	https://security-tracker.debian.org/tracker/data/json	38.5.0
2026-04-24T10:33:33.149722+00:00	Debian Importer	Affected by	VCID-4wx3-ary7-2be6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-24T08:03:31.941215+00:00	Debian Importer	Affected by	VCID-6vp5-c27t-zkhh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:07:09.435918+00:00	Debian Importer	Affected by	VCID-h16m-x9wr-7yem	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:00:53.422760+00:00	Debian Importer	Affected by	VCID-yj5c-4wbb-gbcx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:29:36.426355+00:00	Debian Importer	Affected by	VCID-x59b-qzje-7qf9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:12:42.880990+00:00	Debian Importer	Affected by	VCID-2uqz-va31-ubhz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:03:42.909452+00:00	Debian Importer	Affected by	VCID-fj7w-564m-yuca	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:17:10.558378+00:00	Debian Importer	Affected by	VCID-h16m-x9wr-7yem	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:28:34.262114+00:00	Debian Importer	Affected by	VCID-yj5c-4wbb-gbcx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:04:57.595777+00:00	Debian Importer	Affected by	VCID-x59b-qzje-7qf9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:56.102663+00:00	Debian Importer	Affected by	VCID-2uqz-va31-ubhz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:45:00.413764+00:00	Debian Importer	Affected by	VCID-fj7w-564m-yuca	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:30:53.643252+00:00	Debian Importer	Affected by	VCID-h16m-x9wr-7yem	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:58:09.283745+00:00	Debian Importer	Affected by	VCID-yj5c-4wbb-gbcx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:42:17.220189+00:00	Debian Importer	Affected by	VCID-x59b-qzje-7qf9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:41:00.705726+00:00	Debian Importer	Affected by	VCID-fj7w-564m-yuca	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:33:55.735291+00:00	Debian Importer	Affected by	VCID-2uqz-va31-ubhz	https://security-tracker.debian.org/tracker/data/json	38.1.0