CVE-2024-41132

July 22, 2024, 3:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

ImageSharp

  • 2.1.9
  • 3.1.5

Source

security-advisories@github.com

CVE-2024-41132 details

Published : July 22, 2024, 3:15 p.m.
Last Modified : July 22, 2024, 3:15 p.m.

Description

ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the GIF decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

CVSS Score

5.3 (out of 10)

Weakness

Weakness: CWE-789
Name: Memory Allocation with Excessive Size Value
Description: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Base Score: 5.3
Exploitability Score: 3.9
Impact Score: 1.4
Base Severity: MEDIUM
