GHSA-63p8-c4ww-9cg7

Suggest an improvement
Source
https://github.com/advisories/GHSA-63p8-c4ww-9cg7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-63p8-c4ww-9cg7/GHSA-63p8-c4ww-9cg7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-63p8-c4ww-9cg7
Aliases
Related
Published
2024-07-22T17:42:07Z
Modified
2024-07-22T17:58:12.642382Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
SixLabors ImageSharp Out-of-bounds Write
Details

Impact

An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.

Workarounds

None.

References

https://github.com/SixLabors/ImageSharp/pull/2754 https://github.com/SixLabors/ImageSharp/pull/2756

Database specific 
{
    "severity": "HIGH",
    "github_reviewed_at": "2024-07-22T17:42:07Z",
    "nvd_published_at": "2024-07-22T15:15:03Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "github_reviewed": true
}
References

Affected packages

NuGet / SixLabors.ImageSharp

Package

Name
SixLabors.ImageSharp
View open source insights on deps.dev
Purl
pkg:nuget/SixLabors.ImageSharp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.9

Affected versions

1.*

1.0.0-beta0001
1.0.0-beta0002
1.0.0-beta0003
1.0.0-beta0004
1.0.0-beta0005
1.0.0-beta0006
1.0.0-beta0007
1.0.0-rc0001
1.0.0-rc0002
1.0.0-rc0003
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8

NuGet / SixLabors.ImageSharp

Package

Name
SixLabors.ImageSharp
View open source insights on deps.dev
Purl
pkg:nuget/SixLabors.ImageSharp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.1.5

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4