CVE - CVE-2024-41132

CVE-ID
CVE-2024-41132	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands URL:https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands MISC:https://docs.sixlabors.com/articles/imagesharp/security.html URL:https://docs.sixlabors.com/articles/imagesharp/security.html MISC:https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 URL:https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 MISC:https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 URL:https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 MISC:https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a URL:https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a MISC:https://github.com/SixLabors/ImageSharp/pull/2759 URL:https://github.com/SixLabors/ImageSharp/pull/2759 MISC:https://github.com/SixLabors/ImageSharp/pull/2764 URL:https://github.com/SixLabors/ImageSharp/pull/2764 MISC:https://github.com/SixLabors/ImageSharp/pull/2770 URL:https://github.com/SixLabors/ImageSharp/pull/2770 MISC:https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23 URL:https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20240715	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240715)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.