Commit b565f3e
authored
fix(deps): update module golang.org/x/image to v0.43.0 [security] (#38219)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/image](https://pkg.go.dev/golang.org/x/image) |
[`v0.42.0` →
`v0.43.0`](https://cs.opensource.google/go/x/image/+/refs/tags/v0.42.0...refs/tags/v0.43.0)
|

|

|
---
### Panic on VP8 alpha channel size mismatch in x/image/webp in
golang.org/x/image
[CVE-2026-46601](https://nvd.nist.gov/vuln/detail/CVE-2026-46601) /
[GO-2026-5061](https://pkg.go.dev/vuln/GO-2026-5061)
<details>
<summary>More information</summary>
#### Details
The webp decoder can panic when processing a VP8 chunk with dimensions
that do not match the canvas size.
#### Severity
Unknown
#### References
- [https://go.dev/cl/787681](https://go.dev/cl/787681)
- [https://go.dev/issue/79869](https://go.dev/issue/79869)
This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2026-5061) and the [Go
Vulnerability Database](https://redirect.github.com/golang/vulndb)
([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)).
</details>
---
### Lack of limit on tile sizes in x/image/tiff in golang.org/x/image
[CVE-2026-46602](https://nvd.nist.gov/vuln/detail/CVE-2026-46602) /
[GO-2026-5062](https://pkg.go.dev/vuln/GO-2026-5062)
<details>
<summary>More information</summary>
#### Details
The TIFF decoder does not set a limit on the size of tiles in tiled
images, permitting a malicious or corrupt image containing a very large
tile to cause unbounded memory consumption.
#### Severity
Unknown
#### References
- [https://go.dev/cl/788422](https://go.dev/cl/788422)
- [https://go.dev/issue/79905](https://go.dev/issue/79905)
This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2026-5062) and the [Go
Vulnerability Database](https://redirect.github.com/golang/vulndb)
([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)).
</details>
---
### Panic decoding image with out-of-bounds strip offset in x/image/tiff
in golang.org/x/image
[CVE-2026-46604](https://nvd.nist.gov/vuln/detail/CVE-2026-46604) /
[GO-2026-5066](https://pkg.go.dev/vuln/GO-2026-5066)
<details>
<summary>More information</summary>
#### Details
The TIFF decoder can panic when decoding an invalid image with an
out-of-bounds strip offset.
#### Severity
Unknown
#### References
- [https://go.dev/cl/788421](https://go.dev/cl/788421)
- [https://go.dev/issue/80122](https://go.dev/issue/80122)
This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2026-5066) and the [Go
Vulnerability Database](https://redirect.github.com/golang/vulndb)
([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)).
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- ""
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->1 parent 122ebcf commit b565f3e
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
104 | 104 | | |
105 | 105 | | |
106 | 106 | | |
107 | | - | |
| 107 | + | |
108 | 108 | | |
109 | 109 | | |
110 | 110 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
780 | 780 | | |
781 | 781 | | |
782 | 782 | | |
783 | | - | |
784 | | - | |
| 783 | + | |
| 784 | + | |
785 | 785 | | |
786 | 786 | | |
787 | 787 | | |
| |||
0 commit comments