*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-41131
### Vulnerable Library - sixlabors.imagesharp.2.1.2.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.2.nupkg
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Dependency Hierarchy: - umbraco.forms.core.10.1.0.nupkg (Root Library) - umbraco.cms.web.backoffice.10.0.0.nupkg - umbraco.cms.infrastructure.10.0.0.nupkg - :x: **sixlabors.imagesharp.2.1.2.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability DetailsImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Publish Date: 2024-07-22
URL: CVE-2024-41131
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
Release Date: 2024-07-22
Fix Resolution: SixLabors.ImageSharp - 2.1.9,3.1.5
CVE-2024-27929
### Vulnerable Library - sixlabors.imagesharp.2.1.2.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.2.nupkg
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Dependency Hierarchy: - umbraco.forms.core.10.1.0.nupkg (Root Library) - umbraco.cms.web.backoffice.10.0.0.nupkg - umbraco.cms.infrastructure.10.0.0.nupkg - :x: **sixlabors.imagesharp.2.1.2.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability DetailsImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
Publish Date: 2024-03-05
URL: CVE-2024-27929
### CVSS 3 Score Details (7.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r
Release Date: 2024-03-05
Fix Resolution: SixLabors.ImageSharp - 2.1.7,3.1.3
CVE-2024-41132
### Vulnerable Library - sixlabors.imagesharp.2.1.2.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.2.nupkg
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Dependency Hierarchy: - umbraco.forms.core.10.1.0.nupkg (Root Library) - umbraco.cms.web.backoffice.10.0.0.nupkg - umbraco.cms.infrastructure.10.0.0.nupkg - :x: **sixlabors.imagesharp.2.1.2.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability DetailsImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Publish Date: 2024-07-22
URL: CVE-2024-41132
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-41132
Release Date: 2024-07-22
Fix Resolution: SixLabors.ImageSharp - 2.1.9,3.1.5
CVE-2024-32036
### Vulnerable Library - sixlabors.imagesharp.2.1.2.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.2.nupkg
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Dependency Hierarchy: - umbraco.forms.core.10.1.0.nupkg (Root Library) - umbraco.cms.web.backoffice.10.0.0.nupkg - umbraco.cms.infrastructure.10.0.0.nupkg - :x: **sixlabors.imagesharp.2.1.2.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability DetailsImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Publish Date: 2024-04-15
URL: CVE-2024-32036
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
Release Date: 2024-04-15
Fix Resolution: SixLabors.ImageSharp - 2.1.8,3.1.4
CVE-2024-32035
### Vulnerable Library - sixlabors.imagesharp.2.1.2.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.2.nupkg
Path to dependency file: /src/JsonSchema/JsonSchema.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.2/sixlabors.imagesharp.2.1.2.nupkg
Dependency Hierarchy: - umbraco.forms.core.10.1.0.nupkg (Root Library) - umbraco.cms.web.backoffice.10.0.0.nupkg - umbraco.cms.infrastructure.10.0.0.nupkg - :x: **sixlabors.imagesharp.2.1.2.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability DetailsImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
Publish Date: 2024-04-15
URL: CVE-2024-32035
### CVSS 3 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7
Release Date: 2024-04-15
Fix Resolution: SixLabors.ImageSharp - 2.1.8,3.1.4