CVE-2026-33813
published 2026-04-21CVE-2026-33813: Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | platform-operator-bundle | — | — |
| cryostat | cryostat-storage-rhel9 | — | — |
| go-toolset_rhel8 | golang | — | — |
| golang.org | x_image_golang.org_x_image_webp | < 0.39.0 | 0.39.0 |
| golang | image | < 0.39.0 | 0.39.0 |
| multicluster-globalhub | multicluster-globalhub-grafana-rhel9 | — | — |
| openshift-gitops-1 | argocd-rhel8 | — | — |
| openshift-gitops-1 | argocd-rhel9 | — | — |
| openshift-logging | cluster-logging-rhel9-operator | — | — |
| openshift-serverless-1 | kn-plugin-event-sender-rhel9 | — | — |
| openshift-service-mesh | istio-rhel8-operator | — | — |
| openshift4 | ose-tests-rhel9 | — | — |
| rhacm2 | acm-grafana-rhel9 | — | — |
| rhacm2 | volsync-rhel9 | — | — |
| rhoai | odh-model-registry-rhel9 | — | — |
| rhoso-operators | openstack-operator-bundle | — | — |