CVE-2026-33813 | x-image up to 0.38.x on 32-bit WEBP Image Parser integer overflow
VulDBArchived Apr 22, 2026✓ Full text saved
A vulnerability classified as problematic has been found in x-image up to 0.38.x on 32-bit. The affected element is an unknown function of the component WEBP Image Parser . The manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-33813 . Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.
Full text archived locally
✦ AI Summary· Claude Sonnet
VDB-358596 · CVE-2026-33813 · GCVE-0-2026-33813
X-IMAGE UP TO 0.38.X ON 32-BIT WEBP IMAGE PARSER INTEGER OVERFLOW
HISTORYDIFFRELATEJSONXMLCTI
CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score
5.1 $0-$5k 3.31+
Summaryinfo
A vulnerability classified as problematic was found in x-image up to 0.38.x on 32-bit. The impacted element is an unknown function of the component WEBP Image Parser. The manipulation results in integer overflow. This vulnerability is identified as CVE-2026-33813. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.
Detailsinfo
A vulnerability classified as problematic has been found in x-image up to 0.38.x on 32-bit. Affected is an unknown function of the component WEBP Image Parser. The manipulation with an unknown input leads to a integer overflow vulnerability. CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on availability. CVE summarizes:
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.
This vulnerability is traded as CVE-2026-33813 since 03/23/2026. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 0.39.0 eliminates this vulnerability.
Productinfo
Name
x-image
Version
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
0.34
0.35
0.36
0.37
0.38
CPE 2.3info
🔒
🔒
🔒
CPE 2.2info
🔒
🔒
🔒
CVSSv4info
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3info
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2info
Vector Complexity Authentication Confidentiality Integrity Availability
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
Unlock Unlock Unlock Unlock Unlock Unlock
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploitinginfo
Class: Integer overflow
CWE: CWE-190 / CWE-189
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Unlock Unlock Unlock Unlock
Today Unlock Unlock Unlock Unlock
Threat Intelligenceinfo
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasuresinfo
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒
Upgrade: x-image 0.39.0
Timelineinfo
03/23/2026 CVE reserved
04/21/2026 +28 days Advisory disclosed
04/21/2026 +0 days VulDB entry created
04/21/2026 +0 days VulDB entry last update
Sourcesinfo
Status: Confirmed
CVE: CVE-2026-33813 (🔒)
GCVE (CVE): GCVE-0-2026-33813
GCVE (VulDB): GCVE-100-358596
Entryinfo
Created: 04/21/2026 22:38
Changes: 04/21/2026 22:38 (52)
Complete: 🔍
Cache ID: 99:14F:101
Discussion
No comments yet. Languages: en.
Please log in to comment.
◂ PreviousOverviewNext ▸