Unknown · ImageSharp · CVE-2024-27929
**Name of the Vulnerable Software and Affected Versions**
ImageSharp versions prior to 2.1.7
ImageSharp versions prior to 3.1.3
**Description**
A heap-use-after-free flaw was found in ImageSharp's `InitializeImage()` function in the `PngDecoderCore.cs` file. This issue is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure.
**Recommendations**
For versions prior to 2.1.7, upgrade to version 2.1.7 to resolve the issue.
For versions prior to 3.1.3, upgrade to version 3.1.3 to resolve the issue.
As a temporary workaround, consider avoiding the use of the `InitializeImage()` function in the PngDecoderCore.cs file until a patch is applied.
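A dependency check for the version guidance above, as an added example that is not part of the original advisory or the ImageSharp project. It assumes the NuGet package ID `SixLabors.ImageSharp`, reads the two fixed versions as applying to the 2.x-and-earlier and 3.x release lines respectively, and runs against a constructed project file.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "SixLabors.ImageSharp"  # NuGet package ID (assumption, not named on the page)
FIXED_2X = (2, 1, 7)              # fixed version for releases before 3.0
FIXED_3X = (3, 1, 3)              # fixed version for the 3.x line

SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.2" />
    <PackageReference Include="sixlabors.imagesharp"><Version>2.1.7</Version></PackageReference>
    <PackageReference Include="SixLabors.ImageSharp" Version="$(ImageSharpVersion)" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""  # constructed sample, not a real project

def parse_version(text):
    """Return (major, minor, patch) for a plain pinned version, else None."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", (text or "").strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None

def is_affected(version_text):
    """True/False for a pinned version; None for ranges, properties, prereleases."""
    v = parse_version(version_text)
    if v is None:
        return None  # cannot decide statically, needs manual review
    if v[0] >= 3:    # 3.0.0 is newer than 2.1.7 but still predates the 3.x fix
        return v < FIXED_3X
    return v < FIXED_2X

def audit_csproj(xml_text):
    """Return [(version, affected)] for each ImageSharp PackageReference."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] != "PackageReference":
            continue
        if (el.get("Include") or el.get("Update") or "").lower() != PACKAGE.lower():
            continue
        version = el.get("Version")
        if version is None:  # version given as a child element instead
            child = next((c for c in el if c.tag.split("}")[-1] == "Version"), None)
            version = child.text if child is not None else None
        findings.append((version, is_affected(version)))
    return findings

if __name__ == "__main__":
    for version, affected in audit_csproj(SAMPLE_CSPROJ):
        print(version, {True: "AFFECTED", False: "ok", None: "REVIEW"}[affected])
```

Only direct references in a project file are checked; a version pulled in transitively or pinned in a central props file shows up as missing or `REVIEW` and has to be resolved against the restored package graph.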