CVE-2026-46602

Description

The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption.

References

• https://go.dev/cl/788422
• https://go.dev/issue/79905
• https://pkg.go.dev/vuln/GO-2026-5062