CVE-2024-32036
15.04.2024, 20:15
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sixlabors | imagesharp | 𝑥 < 2.1.8 |
| sixlabors | imagesharp | 3.1.4 ≤ 𝑥 ≤ 3.1.4 |
| sixlabors | imagesharp | 𝑥 < 2.1.8 |
| sixlabors | imagesharp | 3.0.0 ≤ 𝑥 < 3.1.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-226 - Sensitive Information in Resource Not Removed Before ReuseThe product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
- CWE-212 - Improper Removal of Sensitive Information Before Storage or TransferThe product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
References