GHSA-2cmq-823j-5qj8

Source

https://github.com/advisories/GHSA-2cmq-823j-5qj8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-2cmq-823j-5qj8/GHSA-2cmq-823j-5qj8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2cmq-823j-5qj8

Aliases

CVE-2025-27598

Published

2025-03-06T22:23:48Z

Modified

2025-03-07T14:20:24.439259Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Out-of-bounds Write in SixLabors ImageSharp

Details

Impact

An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.

Workarounds

None.

References

https://github.com/SixLabors/ImageSharp/issues/2859 https://github.com/SixLabors/ImageSharp/issues/2890

Database specific

{
    "nvd_published_at": "2025-03-06T23:15:12Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-06T22:23:48Z"
}

References

Affected packages

NuGet / SixLabors.ImageSharp

Package

Name: SixLabors.ImageSharp; View open source insights on deps.dev
Purl: pkg:nuget/SixLabors.ImageSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.1.7

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

NuGet / SixLabors.ImageSharp

Package

Name: SixLabors.ImageSharp; View open source insights on deps.dev
Purl: pkg:nuget/SixLabors.ImageSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.10

Affected versions

1.*

1.0.0-beta0001

1.0.0-beta0002

1.0.0-beta0003

1.0.0-beta0004

1.0.0-beta0005

1.0.0-beta0006

1.0.0-beta0007

1.0.0-rc0001

1.0.0-rc0002

1.0.0-rc0003

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

2.*

2.0.0

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9