High severity7.5NVD Advisory· Published May 29, 2026· Updated Jun 1, 2026
CVE-2026-46599
CVE-2026-46599
Description
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- osv-coords20 versionspkg:apk/chainguard/cgpkg:apk/chainguard/chainctlpkg:apk/chainguard/chainctl-fipspkg:apk/chainguard/gatuspkg:apk/chainguard/gatus-fipspkg:apk/chainguard/gitlab-workhorse-ce-18.10pkg:apk/chainguard/gitlab-workhorse-ce-18.9pkg:apk/chainguard/gitlab-workhorse-ce-fips-18.10pkg:apk/chainguard/glabpkg:apk/chainguard/seaweedfspkg:apk/chainguard/seaweedfs-fipspkg:apk/chainguard/seaweedfs-operatorpkg:apk/chainguard/seaweedfs-operator-fipspkg:apk/chainguard/seaweedfs-rocksdbpkg:apk/chainguard/seaweedfs-rocksdb-fipspkg:apk/chainguard/tailscalepkg:apk/wolfi/gatuspkg:apk/wolfi/glabpkg:apk/wolfi/seaweedfspkg:apk/wolfi/tailscale
< 0+ 19 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 18.10.8-r1
- (no CPE)range: < 18.9.8-r3
- (no CPE)range: < 18.10.8-r1
- (no CPE)range: < 0
- (no CPE)range: < 4.34-r1
- (no CPE)range: < 4.34-r1
- (no CPE)range: < 1.0.26-r1
- (no CPE)range: < 1.0.26-r1
- (no CPE)range: < 4.34-r1
- (no CPE)range: < 4.34-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 4.34-r1
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.