Vulnerability Description
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sixlabors | Imagesharp | < 2.1.8 |
Related Weaknesses (CWE)
References
- https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8Patch
- https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15Patch
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26crVendor Advisory
- https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8Patch
- https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15Patch
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26crVendor Advisory
FAQ
What is CVE-2024-32036?
CVE-2024-32036 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file...
How severe is CVE-2024-32036?
CVE-2024-32036 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-32036?
Check the references section above for vendor advisories and patch information. Affected products include: Sixlabors Imagesharp.