CVE-2026-33809

Public on 2026-03-25
Modified on 2026-05-05
Description
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Not Affected
Amazon Linux 2023 amazon-cloudwatch-agent Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Docker Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Ecs Extra amazon-ecr-credential-helper Not Affected
Amazon Linux 2023 amazon-ecr-credential-helper Not Affected
Amazon Linux 2 - Core amazon-ssm-agent Not Affected
Amazon Linux 2023 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core cni-plugins Not Affected
Amazon Linux 2023 cni-plugins Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd Not Affected
Amazon Linux 2 - Docker Extra containerd Not Affected
Amazon Linux 2 - Ecs Extra containerd Not Affected
Amazon Linux 2023 containerd Not Affected
Amazon Linux 2023 credentials-fetcher Not Affected
Amazon Linux 2 - Core cri-tools Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker Not Affected
Amazon Linux 2 - Docker Extra docker Not Affected
Amazon Linux 2 - Ecs Extra docker Not Affected
Amazon Linux 2023 docker Not Affected
Amazon Linux 2 - Ecs Extra ecs-init Not Affected
Amazon Linux 2023 ecs-init Not Affected
Amazon Linux 2023 git-lfs Not Affected
Amazon Linux 2 - Core golang Not Affected
Amazon Linux 2023 golang Not Affected
Amazon Linux 2023 golang-github-burntsushi-toml Not Affected
Amazon Linux 2023 golang-github-burntsushi-toml-test Not Affected
Amazon Linux 2023 golang-github-cpuguy83-md2man Not Affected
Amazon Linux 2023 golist Not Affected
Amazon Linux 2023 libcap Not Affected
Amazon Linux 2023 nerdctl Not Affected
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra oci-add-hooks Not Affected
Amazon Linux 2 - Docker Extra oci-add-hooks Not Affected
Amazon Linux 2 - Ecs Extra oci-add-hooks Not Affected
Amazon Linux 2023 oci-add-hooks Not Affected
Amazon Linux 2 - Core rclone Not Affected
Amazon Linux 2023 rclone Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra runc Not Affected
Amazon Linux 2 - Docker Extra runc Not Affected
Amazon Linux 2 - Ecs Extra runc Not Affected
Amazon Linux 2023 runc Not Affected
Amazon Linux 2 - Docker Extra runfinch-finch Not Affected
Amazon Linux 2023 runfinch-finch Not Affected
Amazon Linux 2 - Docker Extra soci-snapshotter Not Affected
Amazon Linux 2023 soci-snapshotter Not Affected
Amazon Linux 2023 yq Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-33809 Mitre: CVE-2026-33809