Out-of-bounds Write in SixLabors ImageSharp
Package
Affected versions
>= 3.0.0, < 3.1.7
< 2.1.10
Patched versions
3.1.7
2.1.10
Description
Published to the GitHub Advisory Database
Mar 6, 2025
Reviewed
Mar 6, 2025
Last updated
Mar 6, 2025
Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.
Patches
The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
Workarounds
None.
References
SixLabors/ImageSharp#2859
SixLabors/ImageSharp#2890
References