Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

CVE-2024-41131

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9...

EUVD-2025-6253

Malicious code in bioql PyPI...

EUVD-2024-2407

Malicious code in bioql PyPI...

EUVD-2024-1108

Malicious code in bioql PyPI...

EUVD-2025-23196

Malicious code in bioql PyPI...

EUVD-2024-1203

Malicious code in bioql PyPI...

EUVD-2024-0840

Malicious code in bioql PyPI...

EUVD-2024-2274

Malicious code in bioql PyPI...

CVE-2025-54575

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575

CVE-2025-54575 affects SixLabors.ImageSharp (GIF decoding path). Versions before 2.1.11 and 3.0.0–3.1.10 are vulnerable to an infinite loop when processing specially crafted GIF files with a malformed comment extension block and missing terminator, leading to DoS. A fix is available in ImageSharp...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

GHSA-RXMQ-M78W-7WMC SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks

Impact A specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input shou...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GIF decoding process when handling malformed comment extension blocks lacking a block terminator. An attacker can cause the application to enter an infinite loop and exhaust...

PT-2025-31440 · Sixlabors · Imagesharp

Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.11 ImageSharp versions 3.0.0 through 3.1.10 Description: ImageSharp is a 2D graphics library susceptible to a denial of service. A specially crafted GIF file containing a malformed comment extension block,...

ImageSharp 安全漏洞

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API open-sourced by Six Labors. A security vulnerability exists in ImageSharp versions prior to 2.1.11 and 3.0.0 through 3.1.10, which stems from the possibility of entering an infinite loop when processing specially...

CVE-2024-32036

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of...