Description
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. The vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software that uses ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
References
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 2.1.8 (excluding)
Version from 3.0.0 (including) up to 3.1.4 (excluding)
One of
cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*
cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*
EPSS: 0.0041 (Low), percentile: 61%
CVSS3: 5.3 Medium
CVSS3: 6.5 Medium
Weaknesses
CWE-226
CWE-212
Related vulnerabilities
CVSS3: 5.3
github
almost 2 years ago
SixLabors.ImageSharp vulnerable to data leakage