Advisories for Nuget/SixLabors.ImageSharp package

2024

SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value

A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. …

SixLabors.ImageSharp vulnerable to data leakage

A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.

Use After Free in SixLabors.ImageSharp

Impact A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. Patches The problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7. Workarounds None References None