CVE-2024-32036: SixLabors.ImageSharp vulnerable to data leakage
(updated )
A data leakage flaw was found in ImageSharp’s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer.
References
- github.com/SixLabors/ImageSharp
- github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
- github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
- github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
- github.com/advisories/GHSA-5x7m-6737-26cr
- nvd.nist.gov/vuln/detail/CVE-2024-32036
Code Behaviors & Features
Detect and mitigate CVE-2024-32036 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →