CVE-2025-27598

HIGH7.5EPSS 0.35%

Out-of-bounds Write in SixLabors ImageSharp

發布日:2025/3/6修改日:2025/3/7

描述

### Impact An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. ### Patches The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10. ### Workarounds None. ### References https://github.com/SixLabors/ImageSharp/issues/2859 https://github.com/SixLabors/ImageSharp/issues/2890

受影響套件(1)

NuGet/SixLabors.ImageSharp>= 3.0.0, < 3.1.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-27598
PATCHhttps://github.com/SixLabors/ImageSharp
WEBhttps://github.com/SixLabors/ImageSharp/issues/2859
WEBhttps://github.com/SixLabors/ImageSharp/pull/2890
WEBhttps://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8