U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-41132 Detail

Description

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands Product 
https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands Product 
https://docs.sixlabors.com/articles/imagesharp/security.html Product 
https://docs.sixlabors.com/articles/imagesharp/security.html Product 
https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 Patch 
https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515 Patch 
https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 Patch 
https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56 Patch 
https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a Patch 
https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a Patch 
https://github.com/SixLabors/ImageSharp/pull/2759 Issue Tracking 
https://github.com/SixLabors/ImageSharp/pull/2759 Issue Tracking 
https://github.com/SixLabors/ImageSharp/pull/2764 Issue Tracking 
https://github.com/SixLabors/ImageSharp/pull/2764 Issue Tracking 
https://github.com/SixLabors/ImageSharp/pull/2770 Issue Tracking 
https://github.com/SixLabors/ImageSharp/pull/2770 Issue Tracking 
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23 Vendor Advisory 
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23 Vendor Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-770 Allocation of Resources Without Limits or Throttling cwe source acceptance level NIST  
CWE-789 Memory Allocation with Excessive Size Value GitHub, Inc.  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-41132
NVD Published Date:
07/22/2024
NVD Last Modified:
11/21/2024
Source:
GitHub, Inc.