11 matches found

EUVD
added 2026/01/22 6:6 p.m. · 2 views

EUVD-2026-4132

Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp...

5.3 AI score
Exploits: 0 · References: 2
OSV
added 2026/01/22 6:6 p.m. · 4 views

GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact: Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

3.1 CVSS · 5.8 AI score
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 8:37 a.m. · 1 views

CVE-2024-32035

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

6.5 CVSS · 6.4 AI score · 0.00202 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/03/06 10:23 p.m. · 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through the gif decoder. An attacker can cause a crash using a specially crafted gif, potentially leading to denial of service by exploiting the out-of-bounds write condition. PoC: using var image =...

8.7 CVSS · 7.1 AI score · 0.00351 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/03/06 12:0 a.m. · 2 views

ImageSharp Buffer Error Vulnerability

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API open-sourced by Six Labors. A buffer error vulnerability exists in ImageSharp versions prior to v3.1.7 and v2.1.10, which stems from an out-of-bounds write vulnerability in the gif decoder that could result in a cra...

7.5 CVSS · 6.7 AI score · 0.00351 EPSS
Exploits: 1 · References: 1
Snyk
added 2024/07/22 5:42 p.m. · 4 views

Uncontrolled Resource Consumption ('Resource Exhaustion')

Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the Gif decoder. An attacker can cause the application to consume excessive memory resources by processing specially crafted image files. Workaround: This vulnerability can ...

7.5 CVSS · 6.9 AI score · 0.00639 EPSS
Exploits: 0 · References: 2
Snyk
added 2024/07/22 5:42 p.m. · 2 views

Out-of-Bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-Bounds Write in the ImageSharp gif decoder. An attacker can cause a crash by sending a specially crafted gif file. Remediation: Upgrade SixLabors.ImageSharp to version 2.1.9, 3.1.5 or higher. References: GitHub Commit; GitHub...

8.7 CVSS · 6.9 AI score · 0.00523 EPSS
Exploits: 0 · References: 2
Snyk
added 2024/04/15 8:24 p.m. · 8 views

Sensitive Information in Resource Not Removed Before Reuse

Overview: Affected versions of this package are vulnerable to Sensitive Information in Resource Not Removed Before Reuse due to a flaw in the JPEG and TGA decoders, when a specially crafted image file is passed to a software using ImageSharp. An attacker can potentially disclose sensitive...

6.5 CVSS · 6.5 AI score · 0.0041 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-24371 · Unknown · Imagesharp

Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.8; ImageSharp versions prior to 3.1.4. Description: A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This issue is triggered when an attacker passes a specially crafted JPEG or TGA image file...

6.5 CVSS · 6.6 AI score · 0.0041 EPSS
Exploits: 0 · References: 13
CNNVD
added 2024/04/15 12:0 a.m. · 2 views

ImageSharp Security Vulnerability

ImageSharp is a new, full-featured, fully managed, cross-platform 2D graphics API from ImageSharp, Inc. A security vulnerability exists in ImageSharp versions prior to v3.1.4 and prior to v2.1.8, which stems from a heap-release-after-reuse flaw found in ImageSharp's JPEG and TGA decoders, which i...

6.5 CVSS · 6.1 AI score · 0.0041 EPSS
Exploits: 0 · References: 4
Snyk
added 2024/03/05 5:43 p.m. · 2 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free due to the InitializeImage function in the PngDecoderCore.cs file. An attacker can potentially lead to information disclosure by passing a specially crafted PNG image file for conversion. Remediation: Upgrade...

7.1 CVSS · 6.4 AI score · 0.00057 EPSS
Exploits: 1 · References: 2