{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32035", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-09T15:29:35.939Z", "datePublished": "2024-04-15T19:59:59.530Z", "dateUpdated": "2024-08-02T02:06:42.839Z"}, "containers": {"cna": {"title": "Memory Allocation with Excessive Size Value in SixLabors.ImageSharp", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7"}, {"name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": ["x_refsource_MISC"], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3"}, {"name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": ["x_refsource_MISC"], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27"}, {"name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": ["x_refsource_MISC"], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"}, {"name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": ["x_refsource_MISC"], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"}], "affected": [{"vendor": "SixLabors", "product": "ImageSharp", "versions": [{"version": "< 2.1.8", "status": "affected"}, {"version": ">= 3.0.0, < 3.1.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-15T19:59:59.530Z"}, "descriptions": [{"lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8."}], "source": {"advisory": "GHSA-g85r-6x2q-45w7", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32035", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-20T19:24:51.431151Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*"], "vendor": "sixlabors", "product": "imagesharp", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.1.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:51:49.085Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:42.839Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7"}, {"name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3"}, {"name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27"}, {"name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"}, {"name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://docs.sixlabors.com/articles/imagesharp/security.html", "name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:42.839Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32035", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-20T19:24:51.431151Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sixlabors:imagesharp:-:*:*:*:*:*:*:*"], "vendor": "sixlabors", "product": "imagesharp", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.1.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-20T19:28:13.736Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Memory Allocation with Excessive Size Value in SixLabors.ImageSharp", "source": {"advisory": "GHSA-g85r-6x2q-45w7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SixLabors", "product": "ImageSharp", "versions": [{"status": "affected", "version": "< 2.1.8"}, {"status": "affected", "version": ">= 3.0.0, < 3.1.4"}]}], "references": [{"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "name": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "name": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "name": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27", "tags": ["x_refsource_MISC"]}, {"url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "name": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands", "tags": ["x_refsource_MISC"]}, {"url": "https://docs.sixlabors.com/articles/imagesharp/security.html", "name": "https://docs.sixlabors.com/articles/imagesharp/security.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-15T19:59:59.530Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32035", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:06:42.839Z", "dateReserved": "2024-04-09T15:29:35.939Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-15T19:59:59.530Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8."}, {"lang": "es", "value": "ImageSharp es una API de gr\u00e1ficos 2D. Una vulnerabilidad descubierta en la librer\u00eda ImageSharp, donde el procesamiento de archivos especialmente manipulados puede provocar un uso excesivo de memoria en los decodificadores de im\u00e1genes. La vulnerabilidad se activa cuando ImageSharp intenta procesar archivos de imagen manipulados para explotar esta falla. Esta falla puede explotarse para provocar una denegaci\u00f3n de servicio (DoS) al agotar la memoria del proceso, afectando as\u00ed a las aplicaciones y servicios que dependen de ImageSharp para las tareas de procesamiento de im\u00e1genes. Se recomienda a los usuarios y administradores que actualicen a la \u00faltima versi\u00f3n de ImageSharp que solucione esta vulnerabilidad para mitigar el riesgo de explotaci\u00f3n. El problema se solucion\u00f3 en v3.1.4 y v2.1.8."}], "id": "CVE-2024-32035", "lastModified": "2024-04-16T13:24:07.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-15T20:15:11.323", "references": [{"source": "security-advisories@github.com", "url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands"}, {"source": "security-advisories@github.com", "url": "https://docs.sixlabors.com/articles/imagesharp/security.html"}, {"source": "security-advisories@github.com", "url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3"}, {"source": "security-advisories@github.com", "url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27"}, {"source": "security-advisories@github.com", "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}