Go WebP Image Processing Panic Vulnerability on 32-Bit Platforms

Vulnerability

A vulnerability in the Go programming language's image processing library can lead to a panic when decoding WebP images with excessively large canvas sizes on 32-bit systems. This issue arises because the library does not properly validate the size of the image, allowing corrupt images to be processed. The vulnerability affects the 'golang.org/x/image/webp' package prior to version 0.39.0.

Impact

The vulnerability causes a runtime panic, which can disrupt the execution of a program by causing it to crash.

Remediation

Users can update the 'golang.org/x/image/webp' package to version 0.39.0 or later, where this vulnerability has been addressed.
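
A pre-decode guard for untrusted input, as an added example that is not part of the advisory or of the Go project's code: it reads the canvas size from a WebP VP8X extended header and rejects files over a pixel budget before they reach the decoder. The function names, the `maxPixels` budget and the assumption that the oversized canvas is declared in the VP8X header are this example's own, and the header bytes are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
)

// maxPixels is an assumed policy budget (not from the advisory): the largest
// canvas whose 4-byte-per-pixel buffer still fits in a 32-bit signed int.
const maxPixels = (1<<31 - 1) / 4

var (
	errNoVP8X   = errors.New("webp: no RIFF/WEBP VP8X header")
	errTooLarge = errors.New("webp: canvas exceeds pixel budget")
)

// u24 reads a 24-bit little-endian integer from the first three bytes of b.
func u24(b []byte) uint64 { return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 }

// CheckCanvas returns the canvas size declared in a VP8X header, with
// errTooLarge if it is over budget or errNoVP8X if no such header is present.
func CheckCanvas(hdr []byte) (w, h uint64, err error) {
	if len(hdr) < 30 || string(hdr[0:4]) != "RIFF" ||
		string(hdr[8:12]) != "WEBP" || string(hdr[12:16]) != "VP8X" {
		return 0, 0, errNoVP8X
	}
	// Chunk payload at offset 20: flags(1) reserved(3) width-1(3) height-1(3).
	w = u24(hdr[24:27]) + 1
	h = u24(hdr[27:30]) + 1
	// uint64 arithmetic, so the product cannot wrap on a 32-bit build.
	if w*h > maxPixels {
		return w, h, errTooLarge
	}
	return w, h, nil
}

// makeVP8X builds a constructed 30-byte sample header declaring a w x h canvas.
func makeVP8X(w, h uint32) []byte {
	b := append([]byte("RIFF\x16\x00\x00\x00WEBPVP8X\x0a\x00\x00\x00"), make([]byte, 10)...)
	w, h = w-1, h-1
	copy(b[24:], []byte{byte(w), byte(w >> 8), byte(w >> 16), byte(h), byte(h >> 8), byte(h >> 16)})
	return b
}

func main() {
	for _, d := range [][2]uint32{{640, 480}, {1 << 24, 1 << 24}} {
		w, h, err := CheckCanvas(makeVP8X(d[0], d[1]))
		fmt.Println(w, h, err)
	}
}
```

Files that return `errNoVP8X` carry no extended header and are not covered by this check; the guard complements the package update rather than replacing it.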

Added: Apr 21, 2026, 11:51 PM
Updated: Apr 21, 2026, 11:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.9
remediation: 0.0
relevance: 6.4
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.