CVE-2024-32035

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

15/04/2024

Last modified:

09/01/2025

Description

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

5.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:sixlabors:imagesharp::::::::		2.1.8 (excluding)
cpe:2.3:a:sixlabors:imagesharp::::::::	3.0.0 (including)	3.1.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CVE-2024-32035

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools