VYPR
Moderate severityNVD Advisory· Published Apr 15, 2024· Updated Aug 2, 2024

Memory Allocation with Excessive Size Value in SixLabors.ImageSharp

CVE-2024-32035

Description

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
SixLabors.ImageSharpNuGet
< 2.1.82.1.8
SixLabors.ImageSharpNuGet
>= 3.0.0, < 3.1.43.1.4

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.