CVE-2024-41132 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Assigner	GitHub_M
Reserved	2024-07-15
Published	2024-07-22
Updated	2024-08-02

Description

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

MEDIUM: 5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-789: Memory Allocation with Excessive Size Value

Product status

< 2.1.9

affected

>= 3.0.0, < 3.1.5

affected

References

https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23

https://github.com/SixLabors/ImageSharp/pull/2759

https://github.com/SixLabors/ImageSharp/pull/2764

https://github.com/SixLabors/ImageSharp/pull/2770

https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515

https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56

https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a

https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands

https://docs.sixlabors.com/articles/imagesharp/security.html

cve.org CVE-2024-41132

nvd.nist.gov CVE-2024-41132

Download JSON

https://cve.threatint.com

Subscribe to our newsletter to learn more about our work.