CVE-2024-41132

MEDIUM

Sixlabors Imagesharp < 2.1.9 - Resource Allocation Without Limits

Title source: rule

Description

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

References (9)

[Vendor Advisory] https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23

[Issue Tracking] https://github.com/SixLabors/ImageSharp/pull/2759

[Issue Tracking] https://github.com/SixLabors/ImageSharp/pull/2764

[Issue Tracking] https://github.com/SixLabors/ImageSharp/pull/2770

[Patch] https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515

[Patch] https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56

[Patch] https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a

View Patch ZIP pw:eip

[Product] https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands

[Product] https://docs.sixlabors.com/articles/imagesharp/security.html

Scores

CVSS v3 5.3

EPSS 0.0064

EPSS Percentile 70.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770 CWE-789

Status published

Products (2)

nuget/SixLabors.ImageSharp 0 - 2.1.9NuGet

sixlabors/imagesharp 2.1.0 - 2.1.9

Published Jul 22, 2024

Tracked Since Feb 18, 2026