Lucene search

Veracode Vulnerability DatabaseVERACODE:48187

HistoryJul 23, 2024 - 7:34 a.m.

Out-of-bounds Write

2024-07-2307:34:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sixlabors.imagesharp

out-of-bounds write

gif decoder

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

23.9%

JSON

SixLabors.ImageSharp is vulnerable to an Out-of-bounds Write. The vulnerability is due to minCodeSize in the DecodePixels method within the ImageSharp gif decoder, which allows an attacker to crash the application using a specially crafted gif.

References

github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693

github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb

github.com/SixLabors/ImageSharp/pull/2754

github.com/SixLabors/ImageSharp/pull/2756

github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

23.9%

JSON

Related for VERACODE:48187