CVE Catalog
CVE-2026-46601
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.15%
5th percentile — higher than 5% of all known CVEs
Summary
The WebP decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.
Risk Assessment
An attacker can exploit this vulnerability to cause a critical error (panic) in applications processing WebP images, potentially leading to denial of service (DoS).
Recommendation
Update the WebP decoding library to the latest version that includes a fix preventing crashes due to mismatched dimensions.
Original NVD description (English source)
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

