CVE-2026-42500

Published: Mag 29, 2026 Last Modified: Mag 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

https://go.dev/cl/781500
https://go.dev/cl/781500
https://go.dev/issue/79576
https://go.dev/issue/79576
https://groups.google.com/g/golang-announce/c/uhYX90BlBvI
https://groups.google.com/g/golang-announce/c/uhYX90BlBvI
https://pkg.go.dev/vuln/GO-2026-5031
https://pkg.go.dev/vuln/GO-2026-5031