NuGet package
sixlabors.imagesharp
pkg:nuget/sixlabors.imagesharp
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54575 | Med | 5.3 | < 2.1.11 | 2.1.11 | Jul 30, 2025 | ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to | |
| CVE-2025-27598 | — | >= 3.0.0, < 3.1.7 | 3.1.7 | Mar 6, 2025 | ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advis | ||
| CVE-2024-41132 | — | < 2.1.9 | 2.1.9 | Jul 22, 2024 | ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are de | ||
| CVE-2024-41131 | — | < 2.1.9 | 2.1.9 | Jul 22, 2024 | ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2. | ||
| CVE-2024-32036 | — | < 2.1.8 | 2.1.8 | Apr 15, 2024 | ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information fr | ||
| CVE-2024-32035 | — | < 2.1.8 | 2.1.8 | Apr 15, 2024 | ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are des | ||
| CVE-2024-27929 | — | >= 3.0.0, < 3.1.3 | 3.1.3 | Mar 5, 2024 | ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for co |
- affected < 2.1.11fixed 2.1.11
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to
- CVE-2025-27598Mar 6, 2025affected >= 3.0.0, < 3.1.7fixed 3.1.7
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advis
- CVE-2024-41132Jul 22, 2024affected < 2.1.9fixed 2.1.9
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are de
- CVE-2024-41131Jul 22, 2024affected < 2.1.9fixed 2.1.9
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.
- CVE-2024-32036Apr 15, 2024affected < 2.1.8fixed 2.1.8
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information fr
- CVE-2024-32035Apr 15, 2024affected < 2.1.8fixed 2.1.8
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are des
- CVE-2024-27929Mar 5, 2024affected >= 3.0.0, < 3.1.3fixed 3.1.3
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for co