CVE-2025-27598

Опубликовано: 06 мар. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.

Ссылки

https://github.com/SixLabors/ImageSharp/issues/2859
Exploit
Issue Tracking
https://github.com/SixLabors/ImageSharp/pull/2890
Issue Tracking
Patch
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8
Vendor Advisory
https://github.com/SixLabors/ImageSharp/issues/2859
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

Версия до 2.1.10 (исключая)

cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.1.7 (исключая)

EPSS

Процентиль: 50%

0.00272

Низкий

7.5 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-2cmq-823j-5qj8