CVE-2024-32036

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32036
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
Configurations

No configuration.

History

16 Apr 2024, 23:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 5.3

16 Apr 2024, 22:15

Type Values Removed Values Added
Summary (en) ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8. (en) ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
CWE CWE-416

16 Apr 2024, 13:24

Type Values Removed Values Added
Summary
  • (es) ImageSharp es una API de gráficos 2D. Se encontró una falla de heap-use-after-free en los decodificadores JPEG y TGA de ImageSharp. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen JPEG o TGA especialmente manipulado a ImageSharp para su conversión, lo que podría provocar la divulgación de información. El problema se solucionó en v3.1.4 y v2.1.8.

15 Apr 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-15 20:15

Updated : 2024-04-16 23:15

NVD link : CVE-2024-32036

Mitre link : CVE-2024-32036

CVE.ORG link : CVE-2024-32036

JSON object : View

Products Affected

No product.

CWE
CWE-226

Sensitive Information in Resource Not Removed Before Reuse