Go PackBits Decompression Resource Consumption Vulnerability

Vulnerability

A vulnerability in the TIFF decoder of the Go programming language's image processing package allows excessive resource consumption during the decompression of PackBits-compressed data. The issue arises because the decoder does not impose a limit on the size of the compressed data, so a small, maliciously crafted image can cause the decoder to process large amounts of data. This vulnerability affects versions of the 'golang.org/x/image' package prior to v0.41.0.
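To illustrate the kind of limit described above, here is a PackBits decoder that takes an explicit output budget and stops as soon as a run would exceed it. This is an added example, not code from golang.org/x/image or its fix; the function name, the error values and the 4096-byte budget are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

var (
	ErrTooLarge  = errors.New("packbits: output exceeds limit")
	ErrTruncated = errors.New("packbits: truncated input")
)

// UnpackBitsLimited decodes PackBits data but never produces more than
// maxOut bytes. Hypothetical helper for illustration, not the x/image API.
func UnpackBitsLimited(src []byte, maxOut int) ([]byte, error) {
	var out []byte
	for i := 0; i < len(src); {
		n := int(int8(src[i])) // header byte is a signed count
		i++
		if n == -128 { // no-op header
			continue
		}
		count, need := n+1, n+1 // 0..127: copy the next n+1 bytes
		if n < 0 {
			count, need = 1-n, 1 // -127..-1: repeat the next byte 1-n times
		}
		if i+need > len(src) {
			return nil, ErrTruncated
		}
		if len(out)+count > maxOut { // enforce the budget before growing out
			return nil, ErrTooLarge
		}
		if n >= 0 {
			out = append(out, src[i:i+need]...)
		} else {
			out = append(out, bytes.Repeat(src[i:i+1], count)...)
		}
		i += need
	}
	return out, nil
}

func main() {
	// Constructed input: 64 replicate runs, 128 bytes in, 8192 bytes out.
	bomb := bytes.Repeat([]byte{0x81, 0x00}, 64)
	_, err := UnpackBitsLimited(bomb, 4096) // 4096: assumed expected strip size
	fmt.Println(len(bomb), "bytes in:", err)
}
```

In a TIFF decoder the natural budget is the strip or tile size implied by the image dimensions, so the caller knows the expected output length before decompression starts.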

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where the decoder consumes excessive resources, potentially causing performance degradation or application failure.

Remediation

Users can update to version v0.41.0 of the 'golang.org/x/image' package to address this vulnerability.

Added: May 29, 2026, 8:28 PM
Updated: May 29, 2026, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 0.0
relevance: 9.7
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.