On 32-bit platforms, decoding a WebP image with a canvas size that overflows an int32 returns a corrupt Image that will panic when accessed.
WebP VP8X headers may not specify a canvas size (width * height) more than 2^32-1 pixels:
https://www.rfc-editor.org/rfc/rfc9649.html#section-2.7-12
We should not return corrupt images, and we should reject canvases that overflow the defined limit.
Thanks to Tristan Madani for reporting this issue.
This has been designated a PUBLIC track vulnerability and CVE-2026-33813.
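The check described above, as an added example that is not the x/image/webp code or its fix: it reads the canvas size from a VP8X payload, enforces the RFC 9649 limit using 64-bit arithmetic, and also rejects canvases whose pixel buffer would not fit in the platform's `int`. The names `canvasSize`, `vp8x`, the error values and the `maxInt` parameter are assumptions made for this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// maxCanvasPixels is the RFC 9649 limit on canvas width * height.
const maxCanvasPixels = 1<<32 - 1

var (
	errShortVP8X   = errors.New("webp: short VP8X payload")
	errCanvasLimit = errors.New("webp: canvas exceeds 2^32-1 pixels")
	errCanvasAlloc = errors.New("webp: canvas buffer does not fit in int")
)

// canvasSize (hypothetical helper) validates the 10-byte VP8X payload:
// flags(1) reserved(3) width-1 (3, LE) height-1 (3, LE).
// maxInt is a parameter so the 32-bit case can be exercised on any host.
func canvasSize(p []byte, bytesPerPixel, maxInt uint64) (w, h uint32, err error) {
	if len(p) < 10 {
		return 0, 0, errShortVP8X
	}
	w = 1 + (uint32(p[4]) | uint32(p[5])<<8 | uint32(p[6])<<16)
	h = 1 + (uint32(p[7]) | uint32(p[8])<<8 | uint32(p[9])<<16)
	pixels := uint64(w) * uint64(h) // at most 2^48, cannot wrap in uint64
	if pixels > maxCanvasPixels {
		return 0, 0, errCanvasLimit
	}
	if pixels > maxInt/bytesPerPixel {
		return 0, 0, errCanvasAlloc
	}
	return w, h, nil
}

// vp8x builds a constructed VP8X payload for the given canvas size.
func vp8x(w, h uint32) []byte {
	w, h = w-1, h-1
	return []byte{0, 0, 0, 0, byte(w), byte(w >> 8), byte(w >> 16), byte(h), byte(h >> 8), byte(h >> 16)}
}

func main() {
	const maxInt32 = 1<<31 - 1
	for _, c := range [][2]uint32{{800, 600}, {1 << 16, 1 << 15}, {1 << 24, 1 << 24}} {
		_, _, err := canvasSize(vp8x(c[0], c[1]), 4, maxInt32)
		fmt.Printf("%dx%d: %v\n", c[0], c[1], err)
	}
}
```

The 65536x32768 case is within the RFC limit but is still rejected when `maxInt` is the 32-bit value, because 4 bytes per pixel would need 2^33 bytes.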