Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Impact
An out-of-bounds write has been found in the ImageSharp GIF decoder: a specially crafted GIF can crash the decoding process. Any application that decodes untrusted GIF input with an affected version is therefore exposed to denial of service (the CVSS vector below reflects a network-reachable availability impact with no confidentiality or integrity impact).
Patches
The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.
Workarounds
None.
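Because there is no workaround, the only practical response is to find every project that pins an affected SixLabors.ImageSharp version and move it to 3.1.5 (3.x line) or 2.1.9 (2.x line). The following is an added example, not code from the advisory or from the SixLabors project: it encodes the two affected ranges from this advisory, compares NuGet-style version strings (prerelease builds of a fixed version are treated as still affected), and scans an SDK-style .csproj for vulnerable PackageReference entries. The sample project file is constructed for the example; the `fixed_version_for` and `scan_csproj` names are the example's own.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges for GHSA-63p8-c4ww-9cg7 / CVE-2024-41131, as listed in the advisory:
# (lower bound inclusive or None, upper bound exclusive, version to upgrade to)
AFFECTED_RANGES = [
    ("3.0.0", "3.1.5", "3.1.5"),   # >= 3.0.0, < 3.1.5
    (None, "2.1.9", "2.1.9"),      # < 2.1.9 (covers the whole 1.x and 2.x lines)
]

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?"        # major.minor[.patch[.revision]]
    r"(?:-([0-9A-Za-z.\-]+))?(?:\+[0-9A-Za-z.\-]+)?"  # optional -prerelease and +build
)


def version_key(text: str):
    """Turn a NuGet/SemVer version string into a tuple that sorts correctly.

    Missing patch/revision parts count as 0. A prerelease (e.g. 3.1.5-beta.1) sorts
    before the release it precedes, so it is still inside the affected range; the
    ordering between two prerelease tags is a plain string compare (a simplification).
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = tuple(int(x) if x else 0 for x in m.group(1, 2, 3, 4))
    prerelease = m.group(5)
    return (core, (0, prerelease) if prerelease else (1, ""))


def fixed_version_for(version: str):
    """Return the version to upgrade to if `version` is affected, else None."""
    v = version_key(version)
    for low, high, fixed in AFFECTED_RANGES:
        if (low is None or v >= version_key(low)) and v < version_key(high):
            return fixed
    return None


def scan_csproj(xml_text: str):
    """Return [(version, fixed_or_None)] for every SixLabors.ImageSharp PackageReference.

    Handles both the Version="..." attribute and a <Version> child element. SDK-style
    project files carry no XML namespace, which is what the tag lookup assumes; a
    reference without a version (central package management) is reported as None so
    the reader knows to check Directory.Packages.props instead.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for ref in root.iter("PackageReference"):
        if ref.get("Include", "").lower() != "sixlabors.imagesharp":
            continue
        version = ref.get("Version") or (ref.findtext("Version") or "").strip()
        if not version:
            findings.append((None, None))
            continue
        findings.append((version, fixed_version_for(version)))
    return findings


# Constructed sample project file (not from any real repository).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.4" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>
"""

if __name__ == "__main__":
    for version, fixed in scan_csproj(SAMPLE_CSPROJ):
        if version is None:
            print("SixLabors.ImageSharp referenced without a version; check Directory.Packages.props")
        elif fixed:
            print(f"SixLabors.ImageSharp {version} is affected by CVE-2024-41131; upgrade to {fixed}")
        else:
            print(f"SixLabors.ImageSharp {version} is not affected")
```

Run it against each project file in a repository (or against the `Version` fields in packages.lock.json) to confirm nothing below the fixed versions remains; the check keys on the advisory's own ranges, so 1.0.x through 2.1.8 resolve to 2.1.9 and 3.0.0 through 3.1.4 resolve to 3.1.5.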
References
https://github.com/SixLabors/ImageSharp/pull/2754
https://github.com/SixLabors/ImageSharp/pull/2756
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00056
EPSS Percentile: 0.25503
Identifiers: GHSA-63p8-c4ww-9cg7, CVE-2024-41131
References:
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
- https://nvd.nist.gov/vuln/detail/CVE-2024-41131
- https://github.com/SixLabors/ImageSharp/pull/2754
- https://github.com/SixLabors/ImageSharp/pull/2756
- https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
- https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
- https://github.com/advisories/GHSA-63p8-c4ww-9cg7
Blast Radius: 1.0
Affected Packages
nuget:SixLabors.ImageSharp
Dependent packages: 744
Dependent repositories: 0
Downloads: 134,412,881 total
Affected Version Ranges: >= 3.0.0, < 3.1.5; < 2.1.9
Fixed in: 3.1.5, 2.1.9
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4
All unaffected versions: 2.1.9, 3.1.5, 3.1.6