PT-2024-5252 · Unknown · Imagesharp
Erazerbrecht · Published 2024-06-26 · Updated 2024-09-11
CVE-2024-41132
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
ImageSharp versions prior to 3.1.5
ImageSharp versions prior to 2.1.9
Description:
A vulnerability in the ImageSharp library can lead to excessive memory usage in the GIF decoder when it processes specially crafted files. The issue is triggered when ImageSharp attempts to process image files designed to exploit this flaw. The vulnerability may allow a remote attacker to cause a denial of service.
Recommendations:
For versions prior to 3.1.5, upgrade to v3.1.5.
For versions prior to 2.1.9, upgrade to v2.1.9.
As a temporary workaround, before calling Image.Decode(Async), use Image.Identify to determine the image dimensions in order to enforce a limit.
Exploit
Fix
Allocation of Resources Without Limits
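The temporary workaround under Recommendations, written out as an added example (not code from the ImageSharp project or from this advisory). The class name, method name and limit values are hypothetical, and Image.Load is assumed to be the decode call that the advisory refers to as Image.Decode(Async).

```csharp
using System;
using System.IO;
using SixLabors.ImageSharp;

public static class BoundedImageLoader
{
    // Assumed limits for illustration; set them to what the application needs.
    public const int MaxWidth = 4096;
    public const int MaxHeight = 4096;
    public const long MaxPixels = 16L * 1024 * 1024;

    // Identify first, enforce the limits, and only then decode.
    public static Image LoadWithLimits(Stream input)
    {
        // The stream is read twice (identify, then decode), so it must be seekable.
        // Buffer untrusted uploads into a size-capped MemoryStream before calling this.
        if (!input.CanSeek)
            throw new ArgumentException("A seekable stream is required.", nameof(input));

        long start = input.Position;

        // Image.Identify reads the image information without fully decoding the file.
        var info = Image.Identify(input);
        if (info is null) // 2.x returns null for an unrecognized format
            throw new InvalidDataException("Unrecognized image format.");

        // Compute the pixel count in 64-bit arithmetic so it cannot overflow.
        long pixels = (long)info.Width * info.Height;
        if (info.Width <= 0 || info.Height <= 0 ||
            info.Width > MaxWidth || info.Height > MaxHeight ||
            pixels > MaxPixels)
        {
            throw new InvalidDataException(
                $"Image dimensions {info.Width}x{info.Height} exceed the configured limit.");
        }

        // Rewind and decode only after the dimensions have passed the check.
        input.Position = start;
        return Image.Load(input);
    }
}
```

This only bounds the reported dimensions; upgrading to v3.1.5 or v2.1.9 remains the fix listed above.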
Affected Products
Imagesharp