CVE-2025-27598

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
sixlaborsimagesharp
𝑥
< 2.1.10
sixlaborsimagesharp
3.0.0 ≤
𝑥
< 3.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/SixLabors/ImageSharp/issues/2859
https://github.com/SixLabors/ImageSharp/pull/2890
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8
https://github.com/SixLabors/ImageSharp/issues/2859