Veracode Vulnerability DatabaseVERACODE:48184Denial Of Service (DoS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.7%
sixlabors.imagesharp is vulnerable to Denial Of Service (DoS). The vulnerability is due to the improper processing of specific gif files, that can leads to excessive memory usage during decoding. Attackers can use a specially crafted file to crash the application or exhaust system resources.
References
docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands
docs.sixlabors.com/articles/imagesharp/security.html
github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515
github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56
github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a
github.com/SixLabors/ImageSharp/pull/2759
github.com/SixLabors/ImageSharp/pull/2764
github.com/SixLabors/ImageSharp/pull/2770
github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.7%