PT-2024-24371 · Unknown · ImageSharp
Jimbobsquarepants · Published 2024-04-15 · Updated 2025-01-09 · CVE-2024-32036
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ImageSharp versions prior to 2.1.8
ImageSharp versions prior to 3.1.4
Description
A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. The issue is triggered when an attacker passes a specially crafted JPEG or TGA image file to software that uses ImageSharp, and it can disclose sensitive information from other parts of that software in the resulting image buffer.
Recommendations
For versions prior to 2.1.8, upgrade to version 2.1.8 to resolve the issue.
For versions prior to 3.1.4, upgrade to version 3.1.4 to resolve the issue.
Affected Products
ImageSharp