CVE-2024-41131

ADVISORY - github

Summary

Impact

An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.

Workarounds

None.

References

https://github.com/SixLabors/ImageSharp/pull/2754 https://github.com/SixLabors/ImageSharp/pull/2756

EPSS Score⁠: 0.00709 (0.714)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-787⁠

Out-of-bounds Write

ADVISORY - github

CWE-787⁠

Out-of-bounds Write

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-787⁠

Out-of-bounds Write

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

10 months ago

ADVISORY IDCVE-2024-41131⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-787⁠

CVSS SCORE

7.5high

GitHub

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDGHSA-63p8-c4ww-9cg7⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-787⁠

CVSS SCORE

8.7high

GitLab

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CVE-2024-41131

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-787⁠CWE-937⁠

CVSS SCORE

7.5high