Overview
About vulnerability
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
Details
- Affected product:
- Grafana, Loki, apache/arrow/go, bketelsen/crypt, bufbuild/protoc-gen-validate, centrifugal/centrifuge, cloud.google.com/go, cloud.google.com/go/bigquery, cloud.google.com/go/firestore, cloud.google.com/go/storage, cncf/xds/go, cortexproject/cortex, eliasnaur/gio, etcd-io/etcd, etcd-io/etcd/client, gioui.org, git.sr.ht/~sbinet/gg, github.com/apache/arrow/go, github.com/bketelsen/crypt, github.com/centrifugal/centrifuge, github.com/cncf/xds/go, github.com/cortexproject/cortex, github.com/envoyproxy/protoc-gen-validate, github.com/go-fonts/dejavu, github.com/go-fonts/latin-modern, github.com/go-fonts/liberation, github.com/go-fonts/stix, github.com/go-kit/kit, github.com/go-latex/latex, github.com/go-pdf/fpdf, github.com/googleapis/google-cloud-go-testing, github.com/grafana/gofpdf, github.com/grpc-ecosystem/go-grpc-middleware, github.com/influxdata/flux, github.com/influxdata/influxdb, github.com/influxdata/tdigest, github.com/influxdata/telegraf, github.com/jung-kurt/gofpdf, github.com/lyft/protoc-gen-star, github.com/phpdave11/gofpdf, github.com/prometheus/client_golang, github.com/prometheus/common, github.com/prometheus/prometheus, github.com/ruudk/golang-pdf417, github.com/spf13/afero, github.com/spf13/cobra, github.com/spf13/viper, go-fonts/dejavu, go-fonts/latin-modern, go-fonts/liberation, go-fonts/stix, go-kit/kit, go-latex/latex, go-pdf/fpdf, go.etcd.io/etcd, go.etcd.io/etcd/client, go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc, golang.org/x/exp, golang.org/x/image, golang.org/x/mobile, gonum.org/v1/gonum, gonum.org/v1/plot, gonum/exp/gonum, gonum/exp/plot, google.golang.org/grpc, googleapis/gax-go, googleapis/google-api-go-client, googleapis/google-cloud-go, googleapis/google-cloud-go-testing, googleapis/google-cloud-go/bigquery, googleapis/google-cloud-go/firestore, googleapis/google-cloud-go/storage, googlesource/exp, googlesource/image, googlesource/mobile, grafana/gofpdf, grafana/grafana-azure-sdk-go, grafana/grafana-plugin-sdk-go, grpc-ecosystem/go-grpc-middleware, grpc-ecosystem/go-grpc-prometheus, grpc/grpc-go, influxdata/flux, influxdata/influxdb, influxdata/tdigest, influxdata/telegraf, jung-kurt/gofpdf, k8s.io/component-base, kubernetes/component-base, lyft/protoc-gen-star, open-telemetry/opentelemetry-go/exporters/otlp/otlptrace/otlptracegrpc, phpdave11/gofpdf, prometheus/client_golang, prometheus/common, prometheus/prometheus, ruudk/golang-pdf417, sbinet/gg, spf13/afero, spf13/cobra, spf13/viper
- Affected packages:
- github.com/prometheus/prometheus @ 1.8.2-0.20210430082741-2a4b8e12bbf2 (+169 more)