Описание
Use After Free in SixLabors.ImageSharp
Impact
A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7.
Workarounds
None
References
None
Пакеты
SixLabors.ImageSharp
>= 3.0.0, < 3.1.3
3.1.3
SixLabors.ImageSharp
< 2.1.7
2.1.7
Связанные уязвимости
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.