exploitDog

GHSA-2cmq-823j-5qj8

Published: 06 Mar 2025
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Out-of-bounds Write in SixLabors ImageSharp

Impact

An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.

Workarounds

None.

References

https://github.com/SixLabors/ImageSharp/issues/2859
https://github.com/SixLabors/ImageSharp/issues/2890

Packages

Name: SixLabors.ImageSharp (nuget)
Affected versions: >= 3.0.0, < 3.1.7
Fixed version: 3.1.7

Name: SixLabors.ImageSharp (nuget)
Affected versions: < 2.1.10
Fixed version: 2.1.10

EPSS

Percentile: 47%
0.00239
Low

7.5 High

CVSS3

Weaknesses

CWE-787

Related vulnerabilities

CVSS3: 7.5
nvd
6 months ago

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
