Unrated severityNVD Advisory· Published Jun 27, 2026
Debian golang-golang-x-image: The TIFF decoder does not set a limit on the size of tiles in tiled images, perm…
CVE-2026-46602
Description
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.
Affected products
45- osv-coords45 versionspkg:apk/chainguard/bentopkg:apk/chainguard/bento-fipspkg:apk/chainguard/cgpkg:apk/chainguard/chainctlpkg:apk/chainguard/chainctl-fipspkg:apk/chainguard/filebrowserpkg:apk/chainguard/gatuspkg:apk/chainguard/gatus-fipspkg:apk/chainguard/giteapkg:apk/chainguard/gitea-fipspkg:apk/chainguard/glabpkg:apk/chainguard/hugo-extendedpkg:apk/chainguard/hugo-fipspkg:apk/chainguard/kubescapepkg:apk/chainguard/kubescape-serverpkg:apk/chainguard/kubescape-server-downloaderpkg:apk/chainguard/kubescape-server-fipspkg:apk/chainguard/kubescape-server-fips-downloaderpkg:apk/chainguard/mailpitpkg:apk/chainguard/mailpit-fipspkg:apk/chainguard/mattermost-10.11pkg:apk/chainguard/mattermost-11.6pkg:apk/chainguard/mattermost-fips-10.11pkg:apk/chainguard/mattermost-fips-11.6pkg:apk/chainguard/mattermost-fips-11.7pkg:apk/chainguard/mattermost-fips-11.8pkg:apk/chainguard/ollamapkg:apk/chainguard/ollama-fipspkg:apk/chainguard/pdfcpupkg:apk/chainguard/seaweedfs-rocksdbpkg:apk/chainguard/seaweedfs-rocksdb-fipspkg:apk/chainguard/tailscalepkg:apk/wolfi/bentopkg:apk/wolfi/filebrowserpkg:apk/wolfi/gatuspkg:apk/wolfi/giteapkg:apk/wolfi/glabpkg:apk/wolfi/hugo-extendedpkg:apk/wolfi/kubescapepkg:apk/wolfi/mailpitpkg:apk/wolfi/mattermost-10.11pkg:apk/wolfi/mattermost-11.6pkg:apk/wolfi/ollamapkg:apk/wolfi/pdfcpupkg:apk/wolfi/tailscale
< 0+ 44 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.63.16-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.163.3-r1
- (no CPE)range: < 0.163.3-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.30.2-r1
- (no CPE)range: < 1.30.2-r1
- (no CPE)range: < 10.11.21-r1
- (no CPE)range: < 11.6.6-r1
- (no CPE)range: < 10.11.21-r2
- (no CPE)range: < 11.6.6-r1
- (no CPE)range: < 11.7.6-r1
- (no CPE)range: < 11.8.2-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 4.36-r2
- (no CPE)range: < 4.36-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.63.16-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.163.3-r1
- (no CPE)range: < 0
- (no CPE)range: < 1.30.2-r1
- (no CPE)range: < 10.11.21-r1
- (no CPE)range: < 11.6.6-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.