CVE-2024-41131

2024-07-2215:15:03

CWE-787

GitHub_M

web.nvd.nist.gov

imagesharp

2d graphics

out-of-bounds write

gif decoder

denial of service

upgrade

v3.1.5

v2.1.9

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.9%

JSON

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

sixlaborsimagesharpRange2.1.0–2.1.9

sixlaborsimagesharpRange3.1.0–3.1.5

VendorProductVersionCPE
sixlaborsimagesharp*cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sixlabors	imagesharp	*	cpe:2.3:a:sixlabors:imagesharp::::::::

CNA Affected

[
  {
    "vendor": "SixLabors",
    "product": "ImageSharp",
    "versions": [
      {
        "version": "< 2.1.9",
        "status": "affected"
      },
      {
        "version": ">= 3.0.0, < 3.1.5",
        "status": "affected"
      }
    ]
  }
]