CVE-2026-33813
HIGHDescription
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
Is your site exposed to CVE-2026-33813?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Affected Products
| Vendor | Product |
|---|---|
| golang | image |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-33813? +
How severe is CVE-2026-33813? +
What products are affected by CVE-2026-33813? +
How do I check if I'm vulnerable to CVE-2026-33813? +
Related Vulnerabilities
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other …
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses …
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the …
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would …
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination …
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' …