GoogleOSV:GHSA-63P8-C4WW-9CG7SixLabors ImageSharp Out-of-bounds Write
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
23.9%
Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.
Workarounds
None.
References
https://github.com/SixLabors/ImageSharp/pull/2754
https://github.com/SixLabors/ImageSharp/pull/2756
References
github.com/SixLabors/ImageSharp
github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
github.com/SixLabors/ImageSharp/pull/2754
github.com/SixLabors/ImageSharp/pull/2756
github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
nvd.nist.gov/vuln/detail/CVE-2024-41131
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
23.9%