CVE Catalog

CVE-2026-46601

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

The WebP decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

Risk Assessment

An attacker can exploit this vulnerability to cause a critical error (panic) in applications processing WebP images, potentially leading to denial of service (DoS).

Recommendation

Update the WebP decoding library to the latest version that includes a fix preventing crashes due to mismatched dimensions.

Original NVD description (English source)

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS