Описание
SixLabors ImageSharp Out-of-bounds Write
Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.
Workarounds
None.
References
https://github.com/SixLabors/ImageSharp/pull/2754 https://github.com/SixLabors/ImageSharp/pull/2756
Ссылки
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
- https://nvd.nist.gov/vuln/detail/CVE-2024-41131
- https://github.com/SixLabors/ImageSharp/pull/2754
- https://github.com/SixLabors/ImageSharp/pull/2756
- https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
- https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
Пакеты
SixLabors.ImageSharp
< 2.1.9
2.1.9
SixLabors.ImageSharp
>= 3.0.0, < 3.1.5
3.1.5
Связанные уязвимости
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.