bmp: reject input with invalid palette index

Do not decode a paletted BMP with an out-of-range
palette reference. Avoids a panic when accessing
pixels in the invalid image.

Fixes golang/go#79576
Fixes CVE-2026-42500

Change-Id: I343deae3a777e91fd4003f04eeda929e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/image/+/781500
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Neal Patel <nealpatel@google.com>
2 files changed
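The failure mode named in the commit message, as an added Go example (not the x/image/bmp code from this change): `image.Paletted.At` indexes `Palette` with the stored pixel byte, so a pixel whose index has no palette entry panics on access. `checkPaletteIndices`, `atPanics` and `constructedImage` are hypothetical names, and the image is constructed in memory rather than decoded from a file.

```go
package main

import (
	"fmt"
	"image"
	"image/color"
)

// checkPaletteIndices returns an error for the first pixel whose palette
// index has no entry in img.Palette. Hypothetical helper for illustration.
func checkPaletteIndices(img *image.Paletted) error {
	b, n := img.Bounds(), len(img.Palette)
	for y := b.Min.Y; y < b.Max.Y; y++ {
		for x := b.Min.X; x < b.Max.X; x++ {
			if idx := img.ColorIndexAt(x, y); int(idx) >= n {
				return fmt.Errorf("pixel (%d,%d): palette index %d, palette has %d entries", x, y, idx, n)
			}
		}
	}
	return nil
}

// atPanics reports whether img.At(x, y) panics.
func atPanics(img *image.Paletted, x, y int) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	_ = img.At(x, y)
	return false
}

// constructedImage builds a 2x2 image with a 2-entry palette (constructed
// sample data); when bad is true, pixel (1,1) references index 5.
func constructedImage(bad bool) *image.Paletted {
	img := image.NewPaletted(image.Rect(0, 0, 2, 2), color.Palette{color.Black, color.White})
	copy(img.Pix, []uint8{0, 1, 1, 0})
	if bad {
		img.Pix[3] = 5
	}
	return img
}

func main() {
	for _, bad := range []bool{false, true} {
		img := constructedImage(bad)
		fmt.Println(checkPaletteIndices(img), atPanics(img, 1, 1))
	}
}
```

Running a check of this kind on untrusted paletted images before touching pixels turns the panic into an ordinary error for callers that cannot yet pick up the fixed decoder.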
tree: c4056b4e48fdfa52f8fdf248a2af6df209ab58f8
  1. bmp/
  2. ccitt/
  3. cmd/
  4. colornames/
  5. draw/
  6. example/
  7. font/
  8. math/
  9. riff/
  10. testdata/
  11. tiff/
  12. vector/
  13. vp8/
  14. vp8l/
  15. webp/
  16. .gitattributes
  17. .gitignore
  18. codereview.cfg
  19. CONTRIBUTING.md
  20. go.mod
  21. go.sum
  22. LICENSE
  23. PATENTS
  24. README.md
README.md

Go Images

This repository holds supplementary Go image packages.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://go.dev/doc/contribute.

The git repository is https://go.googlesource.com/image.

The main issue tracker for the image repository is located at https://go.dev/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.