Products
ImageSharp
- 2.1.9
- 3.1.5
Source
security-advisories@github.com
CVE-2024-41132 details
Published : July 22, 2024, 3:15 p.m.
Last Modified : July 22, 2024, 3:15 p.m.
Description
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library in which the processing of specially crafted files can lead to excessive memory usage in the GIF decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
CVSS Score
5.3 (MEDIUM)
Weakness
Weakness | Name | Description |
---|---|---|
CWE-789 | Memory Allocation with Excessive Size Value | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |
Base Score | 5.3 |
Exploitability Score | 3.9 |
Impact Score | 1.4 |
Base Severity | MEDIUM |
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References
URL | Source |
---|---|
https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands | security-advisories@github.com |
https://docs.sixlabors.com/articles/imagesharp/security.html | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/pull/2759 | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/pull/2764 | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/pull/2770 | security-advisories@github.com |
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23 | security-advisories@github.com |