
    7 vulnerabilities by SixLabors

    CVE-2025-54575 (GCVE-0-2025-54575)

    Vulnerability from cvelistv5 – Published: 2025-07-30 19:55 – Updated: 2025-07-30 19:59
    VLAI
    Title
    ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks
    Summary
    ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.11
    Affected: >= 3.0.0, < 3.1.11

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54575",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-30T19:59:26.928297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-30T19:59:35.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.11"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-30T19:55:16.248Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/issues/2953",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/issues/2953"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6"
            }
          ],
          "source": {
            "advisory": "GHSA-rxmq-m78w-7wmc",
            "discovery": "UNKNOWN"
          },
          "title": "ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-54575",
        "datePublished": "2025-07-30T19:55:16.248Z",
        "dateReserved": "2025-07-25T16:19:16.092Z",
        "dateUpdated": "2025-07-30T19:59:35.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27598 (GCVE-0-2025-27598)

    Vulnerability from cvelistv5 – Published: 2025-03-06 22:23 – Updated: 2025-03-07 19:41
    VLAI
    Title
    Out-of-bounds Write in SixLabors ImageSharp
    Summary
    ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.10
    Affected: >= 3.0.0, < 3.1.7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27598",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T19:41:27.595165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-07T19:41:43.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/issues/2859"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-06T22:23:39.486Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/issues/2859",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/issues/2859"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2890",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2890"
            }
          ],
          "source": {
            "advisory": "GHSA-2cmq-823j-5qj8",
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in SixLabors ImageSharp"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27598",
        "datePublished": "2025-03-06T22:23:39.486Z",
        "dateReserved": "2025-03-03T15:10:34.078Z",
        "dateUpdated": "2025-03-07T19:41:43.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41132 (GCVE-0-2024-41132)

    Vulnerability from cvelistv5 – Published: 2024-07-22 14:28 – Updated: 2024-08-02 04:46
    VLAI
    Title
    SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder
    Summary
    ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.9
    Affected: >= 3.0.0, < 3.1.5
    sixlabors imagesharp Affected: 0 , < 2.1.9 (custom)
    Affected: 3.0.0 , < 3.1.5 (custom)
        cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imagesharp",
                "vendor": "sixlabors",
                "versions": [
                  {
                    "lessThan": "2.1.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "3.1.5",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T16:48:46.097607Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-24T16:49:43.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:46:52.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/pull/2759",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/pull/2759"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/pull/2764",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/pull/2764"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/pull/2770",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/pull/2770"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a"
              },
              {
                "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"
              },
              {
                "name": "https://docs.sixlabors.com/articles/imagesharp/security.html",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T14:28:25.348Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2759",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2759"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2764",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2764"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2770",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2770"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a"
            },
            {
              "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"
            },
            {
              "name": "https://docs.sixlabors.com/articles/imagesharp/security.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"
            }
          ],
          "source": {
            "advisory": "GHSA-qxrv-gp6x-rc23",
            "discovery": "UNKNOWN"
          },
          "title": "SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-41132",
        "datePublished": "2024-07-22T14:28:25.348Z",
        "dateReserved": "2024-07-15T15:53:28.324Z",
        "dateUpdated": "2024-08-02T04:46:52.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41131 (GCVE-0-2024-41131)

    Vulnerability from cvelistv5 – Published: 2024-07-22 14:24 – Updated: 2024-08-02 04:46
    VLAI
    Title
    Out-of-bounds Write in SixLabors ImageSharp
    Summary
    ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.9
    Affected: >= 3.0.0, < 3.1.5
    sixlabors imagesharp Affected: 0 , < 2.1.9 (custom)
    Affected: 3.0.0 , < 3.1.5 (custom)
        cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imagesharp",
                "vendor": "sixlabors",
                "versions": [
                  {
                    "lessThan": "2.1.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "3.1.5",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T20:46:35.145007Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T20:46:58.460Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:46:52.374Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/pull/2754",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/pull/2754"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/pull/2756",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/pull/2756"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.9"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-22T14:24:42.461Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2754",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2754"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/pull/2756",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/pull/2756"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb"
            }
          ],
          "source": {
            "advisory": "GHSA-63p8-c4ww-9cg7",
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Write in SixLabors ImageSharp"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-41131",
        "datePublished": "2024-07-22T14:24:42.461Z",
        "dateReserved": "2024-07-15T15:53:28.324Z",
        "dateUpdated": "2024-08-02T04:46:52.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32036 (GCVE-0-2024-32036)

    Vulnerability from cvelistv5 – Published: 2024-04-15 20:08 – Updated: 2024-08-02 02:06
    VLAI
    Title
    SixLabors.ImageSharp vulnerable to data leakage
    Summary
    ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.8
    Affected: >= 3.0.0, < 3.1.4
    sixlabors imagesharp Affected: 0 , < 2.1.8 (semver)
        cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*
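    sixlabors imagesharp Affected: 3.0.0 , ≤ 3.1.4 (semver)
        cpe:2.3:a:sixlabors:imagesharp:3.0.0:*:*:*:*:*:*:*
        Note: this range comes from the CISA ADP container and includes 3.1.4, whereas the CNA entry above lists < 3.1.4 and the summary names v3.1.4 as a patched release.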

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imagesharp",
                "vendor": "sixlabors",
                "versions": [
                  {
                    "lessThan": "2.1.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sixlabors:imagesharp:3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imagesharp",
                "vendor": "sixlabors",
                "versions": [
                  {
                    "lessThanOrEqual": "3.1.4",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32036",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-23T19:48:40.487832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:50:18.733Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:42.826Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp\u0027s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-226",
                  "description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-16T22:58:38.425Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba"
            }
          ],
          "source": {
            "advisory": "GHSA-5x7m-6737-26cr",
            "discovery": "UNKNOWN"
          },
          "title": "SixLabors.ImageSharp vulnerable to data leakage"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-32036",
        "datePublished": "2024-04-15T20:08:44.284Z",
        "dateReserved": "2024-04-09T15:29:35.939Z",
        "dateUpdated": "2024-08-02T02:06:42.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32035 (GCVE-0-2024-32035)

    Vulnerability from cvelistv5 – Published: 2024-04-15 19:59 – Updated: 2024-08-02 02:06
    VLAI
    Title
    Memory Allocation with Excessive Size Value in SixLabors.ImageSharp
    Summary
    ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    Assigner
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: < 2.1.8
    Affected: >= 3.0.0, < 3.1.4
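    sixlabors imagesharp Affected: 3.0.0 , ≤ 3.1.4 (semver)
        cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*
        Note: this CISA ADP entry covers only the 3.x line and includes 3.1.4; the CNA entry above also lists < 2.1.8 as affected and the summary names v3.1.4 and v2.1.8 as patched releases.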

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imagesharp",
                "vendor": "sixlabors",
                "versions": [
                  {
                    "lessThanOrEqual": "3.1.4",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32035",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-20T19:24:51.431151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:51:49.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:42.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3"
              },
              {
                "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27"
              },
              {
                "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"
              },
              {
                "name": "https://docs.sixlabors.com/articles/imagesharp/security.html",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw.  This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789: Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T19:59:59.530Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3"
            },
            {
              "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27"
            },
            {
              "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"
            },
            {
              "name": "https://docs.sixlabors.com/articles/imagesharp/security.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"
            }
          ],
          "source": {
            "advisory": "GHSA-g85r-6x2q-45w7",
            "discovery": "UNKNOWN"
          },
          "title": "Memory Allocation with Excessive Size Value in SixLabors.ImageSharp"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-32035",
        "datePublished": "2024-04-15T19:59:59.530Z",
        "dateReserved": "2024-04-09T15:29:35.939Z",
        "dateUpdated": "2024-08-02T02:06:42.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27929 (GCVE-0-2024-27929)

    Vulnerability from cvelistv5 – Published: 2024-03-05 16:30 – Updated: 2024-08-02 00:41
    VLAI
    Title
    Use After Free in SixLabors.ImageSharp
    Summary
    ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SixLabors ImageSharp Affected: >= 3.0.0, < 3.1.3
    Affected: < 2.1.7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27929",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-06T16:16:14.955686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T01:55:57.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:41:55.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ImageSharp",
              "vendor": "SixLabors",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 3.0.0, \u003c 3.1.3"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.1.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp\u0027s InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T21:57:58.269Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r"
            }
          ],
          "source": {
            "advisory": "GHSA-65x7-c272-7g7r",
            "discovery": "UNKNOWN"
          },
          "title": "Use After Free in SixLabors.ImageSharp"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-27929",
        "datePublished": "2024-03-05T16:30:35.795Z",
        "dateReserved": "2024-02-28T15:14:14.215Z",
        "dateUpdated": "2024-08-02T00:41:55.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }