Lucene search

GoogleOSV:CVE-2024-41131

HistoryJul 22, 2024 - 3:15 p.m.

CVE-2024-41131

2024-07-2215:15:03

Google

osv.dev

imagesharp

2d graphics

out-of-bounds write

gif decoder

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.

References

github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693

github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb

github.com/SixLabors/ImageSharp/pull/2754

github.com/SixLabors/ImageSharp/pull/2756

github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

Related for OSV:CVE-2024-41131