GHSA-65x7-c272-7g7r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-65x7-c272-7g7r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-65x7-c272-7g7r/GHSA-65x7-c272-7g7r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-65x7-c272-7g7r
- Aliases
-
- CVE-2024-27929
- Published
- 2024-03-05T16:26:15Z
- Modified
- 2024-03-06T22:02:45.926986Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- Use After Free in SixLabors.ImageSharp
- Details
-
Impact
A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7.
Workarounds
None
References
None
- Database specific
{ "nvd_published_at": "2024-03-05T17:15:07Z", "cwe_ids": [ "CWE-416" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-03-05T16:26:15Z" }- References
Affected packages
NuGet / SixLabors.ImageSharp
Package
- Name
- SixLabors.ImageSharp
- View open source insights on deps.dev
- Purl
- pkg:nuget/SixLabors.ImageSharp
NuGet / SixLabors.ImageSharp
Package
- Name
- SixLabors.ImageSharp
- View open source insights on deps.dev
- Purl
- pkg:nuget/SixLabors.ImageSharp