Moderate severityNVD Advisory· Published Apr 15, 2024· Updated Aug 2, 2024
SixLabors.ImageSharp vulnerable to data leakage
CVE-2024-32036
Description
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
SixLabors.ImageSharpNuGet | < 2.1.8 | 2.1.8 |
SixLabors.ImageSharpNuGet | >= 3.0.0, < 3.1.4 | 3.1.4 |
Affected products
2- Range: < 2.1.8
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-5x7m-6737-26crghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-32036ghsaADVISORY
- github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68ghsax_refsource_MISCWEB
- github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588baghsax_refsource_MISCWEB
- github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26crghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.