Vulnerability Details CVE-2024-41131
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
- https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
- https://github.com/SixLabors/ImageSharp/pull/2754
- https://github.com/SixLabors/ImageSharp/pull/2756
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
- https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
- https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
- https://github.com/SixLabors/ImageSharp/pull/2754
- https://github.com/SixLabors/ImageSharp/pull/2756
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
Products affected by CVE-2024-41131
-
cpe:2.3:a:sixlabors:imagesharp:2.1.0
-
cpe:2.3:a:sixlabors:imagesharp:2.1.1
-
cpe:2.3:a:sixlabors:imagesharp:2.1.2
-
cpe:2.3:a:sixlabors:imagesharp:2.1.3
-
cpe:2.3:a:sixlabors:imagesharp:2.1.4
-
cpe:2.3:a:sixlabors:imagesharp:2.1.5
-
cpe:2.3:a:sixlabors:imagesharp:2.1.6
-
cpe:2.3:a:sixlabors:imagesharp:2.1.7
-
cpe:2.3:a:sixlabors:imagesharp:2.1.8
-
cpe:2.3:a:sixlabors:imagesharp:3.1.0
-
cpe:2.3:a:sixlabors:imagesharp:3.1.1
-
cpe:2.3:a:sixlabors:imagesharp:3.1.2
-
cpe:2.3:a:sixlabors:imagesharp:3.1.3
-
cpe:2.3:a:sixlabors:imagesharp:3.1.4