A vulnerability was found in x-image-tiff up to 0.42.x on Go and classified as problematic . This affects an unknown part of the component TIFF Decoder . Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-46604 . It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.