GHSA-65x7-c272-7g7r

Source
https://github.com/advisories/GHSA-65x7-c272-7g7r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-65x7-c272-7g7r/GHSA-65x7-c272-7g7r.json
Aliases
  • CVE-2024-27929
Published
2024-03-05T16:26:15Z
Modified
2024-03-06T22:02:45.926986Z
Details

Impact

A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7.

Workarounds

None

References

None

References

Affected packages

NuGet / SixLabors.ImageSharp

Package

Name
SixLabors.ImageSharp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.1.3

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2

NuGet / SixLabors.ImageSharp

Package

Name
SixLabors.ImageSharp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.1.7

Affected versions

1.*

1.0.0-beta0001
1.0.0-beta0002
1.0.0-beta0003
1.0.0-beta0004
1.0.0-beta0005
1.0.0-beta0006
1.0.0-beta0007
1.0.0-rc0001
1.0.0-rc0002
1.0.0-rc0003
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

2.*

2.0.0
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6