Invalid Image Size Parsing Vulnerability in Go Programming Language
CVE-2026-33813

Currently unrated

Key Information:

Vendor: Golang.org/x/image
Status: Golang.org/x/image/webp
Vendor: CVE Published:; 21 April 2026

🔔 Create Golang.org/x/image Vulnerability Alert

What is CVE-2026-33813?

A vulnerability exists in the Go programming language that affects parsing WEBP images with excessively large sizes. This issue predominantly impacts 32-bit platforms, leading to application panic during the parsing process. Effective measures need to be taken to address this vulnerability to ensure reliable and secure handling of image data within applications.

Affected Version(s)

golang.org/x/image/webp 0 < 0.39.0

References

https://go.dev/cl/759860

https://go.dev/issue/78407

https://pkg.go.dev/vuln/GO-2026-4961

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Tristan Madani

CVE-2026-33813 Data

JSON