5 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-41132 – SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

https://notcve.org/view.php?id=CVE-2024-41132

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9. ImageSharp es una API de gráficos 2D. • https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands https://docs.sixlabors.com/articles/imagesharp/security.html https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a https://github.com/SixLabors/ImageSharp/pull/2759 https://github.com/SixLabors/ImageSharp/pull/2764 https://github.com/SixLabors • CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-41131 – Out-of-bounds Write in SixLabors ImageSharp

https://notcve.org/view.php?id=CVE-2024-41131

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9. ImageSharp es una API de gráficos 2D. • https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693 https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb https://github.com/SixLabors/ImageSharp/pull/2754 https://github.com/SixLabors/ImageSharp/pull/2756 https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7 • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-32036 – SixLabors.ImageSharp vulnerable to data leakage

https://notcve.org/view.php?id=CVE-2024-32036

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8. ImageSharp es una API de gráficos 2D. • https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68 https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-32035 – Memory Allocation with Excessive Size Value in SixLabors.ImageSharp

https://notcve.org/view.php?id=CVE-2024-32035

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. • https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands https://docs.sixlabors.com/articles/imagesharp/security.html https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3 https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27 https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7 • CWE-789: Memory Allocation with Excessive Size Value •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-27929 – Use After Free in SixLabors.ImageSharp

https://notcve.org/view.php?id=CVE-2024-27929

ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7. ImageSharp es una librería de gráficos 2D multiplataforma administrada. • https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r • CWE-416: Use After Free •