Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg

Moderate EPSS: 0.00302% (0.53055 Percentile) EPSS:
Permalink JSON

SixLabors.ImageSharp vulnerable to data leakage

Affected Packages Affected Versions Fixed Versions
nuget:SixLabors.ImageSharp >= 3.0.0, < 3.1.4, < 2.1.8 3.1.4, 2.1.8
744 Dependent packages
0 Dependent repositories
173,298,843 Downloads total

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3

All unaffected versions

2.1.8, 2.1.9, 2.1.10, 2.1.11, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11

Impact

A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.4 or v2.1.8.

Workarounds

None

References

None

References:

Identifiers

GHSA-5x7m-6737-26cr

CVE-2024-32036

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00302

EPSS Percentile: 0.53055

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/SixLabors/ImageSharp

Date and time

Published

over 1 year ago

Updated

7 months ago

API

JSON