Headline
GHSA-5x7m-6737-26cr: SixLabors.ImageSharp vulnerable to Use After Free
Impact
A data leakage flaw was found in ImageSharp’s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.4 or v2.1.8.
Workarounds
None
References
None
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-32036
SixLabors.ImageSharp vulnerable to Use After Free
High severity GitHub Reviewed Published Apr 15, 2024 in SixLabors/ImageSharp • Updated Apr 15, 2024
Package
nuget SixLabors.ImageSharp (NuGet)
Affected versions
< 2.1.8
>= 3.0.0, < 3.1.4
Patched versions
2.1.8
3.1.4
Impact
A data leakage flaw was found in ImageSharp’s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.4 or v2.1.8.
Workarounds
None
References
None
References
- GHSA-5x7m-6737-26cr
- SixLabors/ImageSharp@8f0b4d3
- SixLabors/ImageSharp@da5f09a
Published to the GitHub Advisory Database
Apr 15, 2024
Last updated
Apr 15, 2024