Vulnerabilities related to sixlabors - imagesharp
Vulnerability from fkie_nvd
Published
2024-07-22 15:15
Modified
2024-11-21 09:32
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | >= 2.1.0, < 2.1.9
sixlabors | imagesharp | >= 3.1.0, < 3.1.5
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "31448E6E-6851-4531-A627-96FFEB568E92", "versionEndExcluding": "2.1.9", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "385975D3-74DE-436B-8D5E-612F3F3757AD", "versionEndExcluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9." }, { "lang": "es", "value": " ImageSharp es una API de gr\u00e1ficos 2D. Se ha encontrado una vulnerabilidad de escritura fuera de los l\u00edmites en el decodificador de gif de ImageSharp, lo que permite a los atacantes provocar un bloqueo utilizando un gif especialmente manipulado. Esto puede conducir potencialmente a la denegaci\u00f3n del servicio. Se recomienda a todos los usuarios que actualicen a v3.1.5 o v2.1.9." 
} ], "id": "CVE-2024-41131", "lastModified": "2024-11-21T09:32:17.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-22T15:15:03.933", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2754" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2756" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-03-06 23:15
Modified
2025-03-24 18:36
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/SixLabors/ImageSharp/issues/2859 | Exploit, Issue Tracking
security-advisories@github.com | https://github.com/SixLabors/ImageSharp/pull/2890 | Issue Tracking, Patch
security-advisories@github.com | https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8 | Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/SixLabors/ImageSharp/issues/2859 | Exploit, Issue Tracking
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | < 2.1.10
sixlabors | imagesharp | >= 3.0.0, < 3.1.7
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "579B75C1-2EA3-425B-9239-A749A3E31B71", "versionEndExcluding": "2.1.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "8918B322-D6CF-4EA6-BD5D-FB9F1938ABBE", "versionEndExcluding": "3.1.7", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10." }, { "lang": "es", "value": "ImageSharp es una API de gr\u00e1ficos 2D. Se ha encontrado una vulnerabilidad de escritura fuera de los l\u00edmites en el decodificador de gifs de ImageSharp, que permite a los atacantes provocar un bloqueo utilizando un gif especialmente manipulado. Esto puede provocar una denegaci\u00f3n de servicio. El problema ha sido corregido. Se recomienda a todos los usuarios que actualicen a la versi\u00f3n 3.1.7 o 2.1.10." 
} ], "id": "CVE-2025-27598", "lastModified": "2025-03-24T18:36:19.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-03-06T23:15:12.183", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/issues/2859" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2890" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8" }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/issues/2859" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-15 20:15
Modified
2025-01-09 18:14
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | < 2.1.8
sixlabors | imagesharp | >= 3.0.0, < 3.1.4
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "A06E81B0-6C7F-43A9-B154-E5BF07241973", "versionEndExcluding": "2.1.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB61675-C17E-41D0-AFBF-24E39F753A0A", "versionEndExcluding": "3.1.4", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp\u0027s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8." }, { "lang": "es", "value": "ImageSharp es una API de gr\u00e1ficos 2D. Se encontr\u00f3 una falla de heap-use-after-free en los decodificadores JPEG y TGA de ImageSharp. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen JPEG o TGA especialmente manipulado a ImageSharp para su conversi\u00f3n, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. El problema se solucion\u00f3 en v3.1.4 y v2.1.8." 
} ], "id": "CVE-2024-32036", "lastModified": "2025-01-09T18:14:46.097", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-15T20:15:11.543", "references": [ { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-226" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-212" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-22 15:15
Modified
2024-11-21 09:32
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the GIF decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | >= 2.1.0, < 2.1.9
sixlabors | imagesharp | >= 3.1.0, < 3.1.5
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "31448E6E-6851-4531-A627-96FFEB568E92", "versionEndExcluding": "2.1.9", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "385975D3-74DE-436B-8D5E-612F3F3757AD", "versionEndExcluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9." }, { "lang": "es", "value": " ImageSharp es una API de gr\u00e1ficos 2D. Una vulnerabilidad descubierta en la librer\u00eda ImageSharp, donde el procesamiento de archivos especialmente manipulados puede provocar un uso excesivo de memoria en el decodificador Gif. La vulnerabilidad se activa cuando ImageSharp intenta procesar archivos de imagen dise\u00f1ados para explotar este fallo. Se recomienda a todos los usuarios que actualicen a v3.1.5 o v2.1.9." 
} ], "id": "CVE-2024-41132", "lastModified": "2024-11-21T09:32:17.817", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-22T15:15:04.160", "references": [ { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a" }, { "source": "security-advisories@github.com", "tags": [ "Issue 
Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2759" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2764" }, { "source": "security-advisories@github.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2770" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23" } ], 
"sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-15 20:15
Modified
2025-01-09 18:35
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | < 2.1.8
sixlabors | imagesharp | >= 3.0.0, < 3.1.4
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "A06E81B0-6C7F-43A9-B154-E5BF07241973", "versionEndExcluding": "2.1.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB61675-C17E-41D0-AFBF-24E39F753A0A", "versionEndExcluding": "3.1.4", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8." }, { "lang": "es", "value": "ImageSharp es una API de gr\u00e1ficos 2D. Una vulnerabilidad descubierta en la librer\u00eda ImageSharp, donde el procesamiento de archivos especialmente manipulados puede provocar un uso excesivo de memoria en los decodificadores de im\u00e1genes. La vulnerabilidad se activa cuando ImageSharp intenta procesar archivos de imagen manipulados para explotar esta falla. Esta falla puede explotarse para provocar una denegaci\u00f3n de servicio (DoS) al agotar la memoria del proceso, afectando as\u00ed a las aplicaciones y servicios que dependen de ImageSharp para las tareas de procesamiento de im\u00e1genes. 
Se recomienda a los usuarios y administradores que actualicen a la \u00faltima versi\u00f3n de ImageSharp que solucione esta vulnerabilidad para mitigar el riesgo de explotaci\u00f3n. El problema se solucion\u00f3 en v3.1.4 y v2.1.8." } ], "id": "CVE-2024-32035", "lastModified": "2025-01-09T18:35:14.097", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-04-15T20:15:11.323", "references": [ { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "source": "security-advisories@github.com", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" }, { "source": "security-advisories@github.com", "tags": [ "Patch" ], "url": 
"https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" }, { "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-789" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-05 17:15
Modified
2025-01-21 15:14
Severity
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
References
Source | URL | Tags
---|---|---
security-advisories@github.com | https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r | Exploit, Vendor Advisory
Impacted products
Vendor | Product | Version
---|---|---
sixlabors | imagesharp | < 2.1.7
sixlabors | imagesharp | >= 3.1.0, < 3.1.3
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E09C0AC-A735-4459-A0FC-F78229B384D2", "versionEndExcluding": "2.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*", "matchCriteriaId": "78410C1A-0CE5-46D9-B989-97DE97235B30", "versionEndExcluding": "3.1.3", "versionStartIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp\u0027s InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7." }, { "lang": "es", "value": "ImageSharp es una librer\u00eda de gr\u00e1ficos 2D multiplataforma administrada. Se encontr\u00f3 una falla de heap-use-after-free en la funci\u00f3n InitializeImage() de ImageSharp del archivo PngDecoderCore.cs. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen PNG especialmente manipulado a ImageSharp para su conversi\u00f3n, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. Este problema se solucion\u00f3 en las versiones 3.1.3 y 2.1.7." 
} ], "id": "CVE-2024-27929", "lastModified": "2025-01-21T15:14:31.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-05T17:15:07.097", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "security-advisories@github.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2025-54575 (GCVE-0-2025-54575)
Vulnerability from cvelistv5
Published
2025-07-30 19:55
Modified
2025-07-30 19:59
Summary
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.11; Version: >= 3.0.0, < 3.1.11 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-54575", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-30T19:59:26.928297Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-30T19:59:35.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.11" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.11" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T19:55:16.248Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-rxmq-m78w-7wmc" }, { "name": "https://github.com/SixLabors/ImageSharp/issues/2953", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/issues/2953" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/55e49262df9a057dff9b7807ed1b7bdb49187c3f" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/833f3ceec35af6b775950e06f03b934546cefbf6" } ], "source": { "advisory": "GHSA-rxmq-m78w-7wmc", "discovery": "UNKNOWN" }, "title": "ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": 
"GitHub_M", "cveId": "CVE-2025-54575", "datePublished": "2025-07-30T19:55:16.248Z", "dateReserved": "2025-07-25T16:19:16.092Z", "dateUpdated": "2025-07-30T19:59:35.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32036 (GCVE-0-2024-32036)
Vulnerability from cvelistv5
Published
2024-04-15 20:08
Modified
2024-08-02 02:06
CWE
- CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Summary
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.8; Version: >= 3.0.0, < 3.1.4 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "imagesharp", "vendor": "sixlabors", "versions": [ { "lessThan": "2.1.8", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:sixlabors:imagesharp:3.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "imagesharp", "vendor": "sixlabors", "versions": [ { "lessThanOrEqual": "3.1.4", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32036", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T19:48:40.487832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:50:18.733Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:42.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageSharp", 
"vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.8" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.4" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp\u0027s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-226", "description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T22:58:38.425Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba" } ], "source": { "advisory": "GHSA-5x7m-6737-26cr", "discovery": "UNKNOWN" }, "title": "SixLabors.ImageSharp vulnerable to data leakage" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32036", "datePublished": "2024-04-15T20:08:44.284Z", "dateReserved": "2024-04-09T15:29:35.939Z", "dateUpdated": "2024-08-02T02:06:42.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41131 (GCVE-0-2024-41131)
Vulnerability from cvelistv5
Published
2024-07-22 14:24
Modified
2024-08-02 04:46
CWE
- CWE-787 - Out-of-bounds Write
Summary
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.9; Version: >= 3.0.0, < 3.1.5 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "imagesharp", "vendor": "sixlabors", "versions": [ { "lessThan": "2.1.9", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41131", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T20:46:35.145007Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T20:46:58.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:46:52.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2754", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2754" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2756", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2756" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.9" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.5" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:24:42.461Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2754", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2754" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2756", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2756" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693", 
"tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb" } ], "source": { "advisory": "GHSA-63p8-c4ww-9cg7", "discovery": "UNKNOWN" }, "title": "Out-of-bounds Write in SixLabors ImageSharp" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-41131", "datePublished": "2024-07-22T14:24:42.461Z", "dateReserved": "2024-07-15T15:53:28.324Z", "dateUpdated": "2024-08-02T04:46:52.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-32035 (GCVE-0-2024-32035)
Vulnerability from cvelistv5
Published
2024-04-15 19:59
Modified
2024-08-02 02:06
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.8; Version: >= 3.0.0, < 3.1.4 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "imagesharp", "vendor": "sixlabors", "versions": [ { "lessThanOrEqual": "3.1.4", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32035", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-20T19:24:51.431151Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:51:49.085Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:42.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" }, { "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "name": 
"https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.8" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.4" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-15T19:59:59.530Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27" }, { "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": [ "x_refsource_MISC" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": [ "x_refsource_MISC" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" } ], "source": { "advisory": "GHSA-g85r-6x2q-45w7", "discovery": "UNKNOWN" }, "title": "Memory Allocation with Excessive Size Value in SixLabors.ImageSharp" } 
}, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-32035", "datePublished": "2024-04-15T19:59:59.530Z", "dateReserved": "2024-04-09T15:29:35.939Z", "dateUpdated": "2024-08-02T02:06:42.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27929 (GCVE-0-2024-27929)
Vulnerability from cvelistv5
Published
2024-03-05 16:30
Modified
2024-08-02 00:41
CWE
- CWE-416 - Use After Free
Summary
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: >= 3.0.0, < 3.1.3; Version: < 2.1.7 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-06T16:16:14.955686Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T01:55:57.360Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.3" }, { "status": "affected", "version": "\u003c 2.1.7" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp\u0027s InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-06T21:57:58.269Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r" } ], "source": { "advisory": "GHSA-65x7-c272-7g7r", "discovery": "UNKNOWN" }, "title": "Use After Free in SixLabors.ImageSharp" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-27929", "datePublished": "2024-03-05T16:30:35.795Z", "dateReserved": "2024-02-28T15:14:14.215Z", "dateUpdated": "2024-08-02T00:41:55.900Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-27598 (GCVE-0-2025-27598)
Vulnerability from cvelistv5
Published
2025-03-06 22:23
Modified
2025-03-07 19:41
CWE
- CWE-787 - Out-of-bounds Write
Summary
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.10; Version: >= 3.0.0, < 3.1.7 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-27598", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-07T19:41:27.595165Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-07T19:41:43.565Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/SixLabors/ImageSharp/issues/2859" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.10" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.7" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-06T22:23:39.486Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8" }, { "name": "https://github.com/SixLabors/ImageSharp/issues/2859", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/issues/2859" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2890", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2890" } ], "source": { "advisory": "GHSA-2cmq-823j-5qj8", "discovery": "UNKNOWN" }, "title": "Out-of-bounds Write in SixLabors ImageSharp" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-27598", "datePublished": "2025-03-06T22:23:39.486Z", "dateReserved": "2025-03-03T15:10:34.078Z", "dateUpdated": "2025-03-07T19:41:43.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-41132 (GCVE-0-2024-41132)
Vulnerability from cvelistv5
Published
2024-07-22 14:28
Modified
2024-08-02 04:46
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Impacted products
Vendor | Product | Version |
---|---|---|
SixLabors | ImageSharp | Version: < 2.1.9; Version: >= 3.0.0, < 3.1.5 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "imagesharp", "vendor": "sixlabors", "versions": [ { "lessThan": "2.1.9", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41132", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T16:48:46.097607Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T16:49:43.578Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:46:52.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2759", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2759" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2764", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2764" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2770", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2770" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a" }, { "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageSharp", "vendor": "SixLabors", "versions": [ { "status": "affected", "version": "\u003c 2.1.9" }, { "status": "affected", "version": "\u003e= 3.0.0, \u003c 3.1.5" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T14:28:25.348Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2759", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2759" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2764", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2764" }, { "name": "https://github.com/SixLabors/ImageSharp/pull/2770", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/pull/2770" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56" }, { "name": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a", "tags": [ "x_refsource_MISC" 
], "url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a" }, { "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": [ "x_refsource_MISC" ], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands" }, { "name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": [ "x_refsource_MISC" ], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html" } ], "source": { "advisory": "GHSA-qxrv-gp6x-rc23", "discovery": "UNKNOWN" }, "title": "SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-41132", "datePublished": "2024-07-22T14:28:25.348Z", "dateReserved": "2024-07-15T15:53:28.324Z", "dateUpdated": "2024-08-02T04:46:52.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }