← Back

CVE-2026-33812

nvd nist
Published: Apr 21, 2026Modified: May 13, 2026

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Exploitability: 1.8 / Impact: 4.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Parsing a malicious font file can cause excessive memory allocation.

Affected (1)

Products: Golang: Image
Golang
1 product
Image
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Image
Before 0.39.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

Source: security@golang.org
Patch
Source: security@golang.org
Issue Tracking
Source: security@golang.org
Vendor Advisory

Timeline

No history available yet.