CVE-2024-41132
MEDIUMImageSharp < 2.1.9 - Denial of Service via Gif Decoder
Title source: llmDescription
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
References (9)
Core 9
Core References
Vendor Advisory x_refsource_confirm
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23
Issue Tracking x_refsource_misc
https://github.com/SixLabors/ImageSharp/pull/2759
Issue Tracking x_refsource_misc
https://github.com/SixLabors/ImageSharp/pull/2764
Issue Tracking x_refsource_misc
https://github.com/SixLabors/ImageSharp/pull/2770
Patch x_refsource_misc
https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515
Patch x_refsource_misc
https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56
Patch x_refsource_misc
https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a
Product x_refsource_misc
https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands
Product x_refsource_misc
https://docs.sixlabors.com/articles/imagesharp/security.html
Scores
CVSS v3
5.3
EPSS
0.0077
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
CWE-789
Status
published
Products (2)
nuget/SixLabors.ImageSharp
0 - 2.1.9NuGet
sixlabors/imagesharp
2.1.0 - 2.1.9
Published
Jul 22, 2024
Tracked Since
Feb 18, 2026