Lucene search

[email protected]NVD:CVE-2024-41131

HistoryJul 22, 2024 - 3:15 p.m.

CVE-2024-41131

2024-07-2215:15:03

CWE-787

[email protected]

web.nvd.nist.gov

imagesharp

2d graphics

out-of-bounds write

gif decoder

denial of service

upgrade

v3.1.5

v2.1.9

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.9%

JSON

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.

Affected configurations

Nvd

Node

sixlaborsimagesharpRange2.1.0–2.1.9

sixlaborsimagesharpRange3.1.0–3.1.5

VendorProductVersionCPE
sixlaborsimagesharp*cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sixlabors	imagesharp	*	cpe:2.3:a:sixlabors:imagesharp::::::::

References

github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693

github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb

github.com/SixLabors/ImageSharp/pull/2754

github.com/SixLabors/ImageSharp/pull/2756

github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.9%

JSON

Related for NVD:CVE-2024-41131

cvelist1 osv2 veracode1 vulnrichment1 cve1 github1