CVE-2024-32036
Severity CVSS v4.0:
Pending analysis
Type:
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
Publication date:
15/04/2024
Last modified:
09/01/2025
Description
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:* | 2.1.8 (excluding) | |
| cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.1.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
- https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
- https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
- https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr