Security
Headlines

Headlines Latest CVEs

Headline

GHSA-65x7-c272-7g7r: Use After Free in SixLabors.ImageSharp

Impact

A heap-use-after-free flaw was found in ImageSharp’s InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.3

Workarounds

None

References

None

11 months ago

#vulnerability #git

GitHub Advisory Database
GitHub Reviewed
CVE-2024-27929

Use After Free in SixLabors.ImageSharp

High severity GitHub Reviewed Published Mar 5, 2024 in SixLabors/ImageSharp • Updated Mar 5, 2024

Package

nuget SixLabors.ImageSharp (NuGet)

Affected versions

< 3.1.3

Impact

A heap-use-after-free flaw was found in ImageSharp’s InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.3

Workarounds

None

References

None

References

GHSA-65x7-c272-7g7r

Published to the GitHub Advisory Database

Mar 5, 2024

ghsa: Latest News

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

9 hours ago

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

9 hours ago

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

11 hours ago

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

11 hours ago

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

13 hours ago