{"id":"GO-2026-4961","summary":"Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image","details":"Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.","aliases":["CVE-2026-33813"],"modified":"2026-05-15T10:59:24.181813363Z","published":"2026-04-21T18:59:43Z","related":["CGA-5x5x-xrrw-mj8f","RHSA-2026:7385","RHSA-2026:8291"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-4961"},"references":[{"type":"FIX","url":"https://go.dev/cl/759860"},{"type":"REPORT","url":"https://go.dev/issue/78407"}],"affected":[{"package":{"name":"golang.org/x/image","ecosystem":"Go","purl":"pkg:golang/golang.org/x/image"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.39.0"}]}],"ecosystem_specific":{"imports":[{"path":"golang.org/x/image/webp","symbols":["Decode","DecodeConfig","decode"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4961.json"}}],"schema_version":"1.7.5","credits":[{"name":"Tristan Madani"}]}