GHSA-5x7m-6737-26cr

Source

https://github.com/advisories/GHSA-5x7m-6737-26cr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-5x7m-6737-26cr/GHSA-5x7m-6737-26cr.json

Aliases

CVE-2024-32036

Published

2024-04-15T20:24:06Z

Modified

2024-04-16T23:01:19.317873Z

Details

Impact

A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.4 or v2.1.8.

Workarounds

None

References

None

References

Affected packages

NuGet / SixLabors.ImageSharp

Package

Name: SixLabors.ImageSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.1.8

Affected versions

1.*

1.0.0-beta0001

1.0.0-beta0002

1.0.0-beta0003

1.0.0-beta0004

1.0.0-beta0005

1.0.0-beta0006

1.0.0-beta0007

1.0.0-rc0001

1.0.0-rc0002

1.0.0-rc0003

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

2.*

2.0.0

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

NuGet / SixLabors.ImageSharp

Package

Name: SixLabors.ImageSharp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.1.4

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.1.0

3.1.1

3.1.2

3.1.3