CVE-2024-27929
HIGH7.1EPSS 0.06%Use After Free in SixLabors.ImageSharp
發布日:2024/3/5修改日:2024/3/6
描述
### Impact A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. ### Patches The problem has been patched. All users are advised to upgrade to v3.1.3 or v2.1.7. ### Workarounds None ### References None
受影響套件(1)
- NuGet/SixLabors.ImageSharp>= 3.0.0, < 3.1.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |