CVE-2024-32036
EUVD-2024-110815.04.2024, 20:15
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| sixlabors | imagesharp | 𝑥 < 2.1.8 |
| sixlabors | imagesharp | 3.0.0 ≤ 𝑥 < 3.1.4 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| sixlabors | imagesharp | 𝑥 < 2.1.8 | ADP |
| sixlabors | imagesharp | 3.0.0 ≤ 𝑥 ≤ 3.1.4 | ADP |
Common Weakness Enumeration
- CWE-226 - Sensitive Information in Resource Not Removed Before ReuseThe product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
- CWE-212 - Improper Removal of Sensitive Information Before Storage or TransferThe product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
References