CVE-2025-27598

HIGH7.5EPSS 0.35%

Out-of-bounds Write in SixLabors ImageSharp

Published: 3/6/2025Modified: 3/7/2025

Description

### Impact An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. ### Patches The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10. ### Workarounds None. ### References https://github.com/SixLabors/ImageSharp/issues/2859 https://github.com/SixLabors/ImageSharp/issues/2890

Affected packages (1)

NuGet/SixLabors.ImageSharp>= 3.0.0, < 3.1.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-27598
PATCHhttps://github.com/SixLabors/ImageSharp
WEBhttps://github.com/SixLabors/ImageSharp/issues/2859
WEBhttps://github.com/SixLabors/ImageSharp/pull/2890
WEBhttps://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8