CVE-2024-41132

EPSS 0.77%
Veröffentlicht 22.07.2024 15:15:04
Zuletzt bearbeitet 21.11.2024 09:32:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 12

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sixlabors ≫ Imagesharp Version >= 2.1.0 < 2.1.9

Sixlabors ≫ Imagesharp Version >= 3.1.0 < 3.1.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.77%	0.509

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands

Product

https://docs.sixlabors.com/articles/imagesharp/security.html

Product

https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515

Patch

https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56

Patch

https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a

Patch

https://github.com/SixLabors/ImageSharp/pull/2759

Issue Tracking

https://github.com/SixLabors/ImageSharp/pull/2764

Issue Tracking

https://github.com/SixLabors/ImageSharp/pull/2770

Issue Tracking

https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-41132

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41132

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41132

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-41132