GHSA-5x7m-6737-26cr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5x7m-6737-26cr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-5x7m-6737-26cr/GHSA-5x7m-6737-26cr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5x7m-6737-26cr
- Aliases
- Published
- 2024-04-15T20:24:06Z
- Modified
- 2024-04-16T23:01:19.317873Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- SixLabors.ImageSharp vulnerable to data leakage
- Details
-
Impact
A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.4 or v2.1.8.
Workarounds
None
References
None
- Database specific
{ "nvd_published_at": "2024-04-15T20:15:11Z", "cwe_ids": [ "CWE-226" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-15T20:24:06Z" }- References
-
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
- https://nvd.nist.gov/vuln/detail/CVE-2024-32036
- https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
- https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
- https://github.com/SixLabors/ImageSharp
Affected packages
NuGet / SixLabors.ImageSharp
Package
- Name
- SixLabors.ImageSharp
- View open source insights on deps.dev
- Purl
- pkg:nuget/SixLabors.ImageSharp
NuGet / SixLabors.ImageSharp
Package
- Name
- SixLabors.ImageSharp
- View open source insights on deps.dev
- Purl
- pkg:nuget/SixLabors.ImageSharp