CVE-2024-41131

ADVISORY - github

Summary

Impact

An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

Patches

The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.

Workarounds

None.

References

https://github.com/SixLabors/ImageSharp/pull/2754 https://github.com/SixLabors/ImageSharp/pull/2756

EPSS Score⁠: 0.00709 (0.714)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-787⁠

Out-of-bounds Write

ADVISORY - github

CWE-787⁠

Out-of-bounds Write

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-787⁠

Out-of-bounds Write

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.