CVE-2024-32036

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32036
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68
https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba
https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr
Configurations

No configuration.

History

16 Apr 2024, 23:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1 		v2 : unknown
v3 : 5.3

16 Apr 2024, 22:15

Type Values Removed Values Added
CWE CWE-416
Summary (en) ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8. (en) ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.

16 Apr 2024, 13:24

Type Values Removed Values Added
Summary
  • (es) ImageSharp es una API de gráficos 2D. Se encontró una falla de heap-use-after-free en los decodificadores JPEG y TGA de ImageSharp. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen JPEG o TGA especialmente manipulado a ImageSharp para su conversión, lo que podría provocar la divulgación de información. El problema se solucionó en v3.1.4 y v2.1.8.

15 Apr 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-15 20:15

Updated : 2024-04-16 23:15

NVD link : CVE-2024-32036

Mitre link : CVE-2024-32036

CVE.ORG link : CVE-2024-32036

JSON object : View

Products Affected

No product.

CWE
CWE-226

Sensitive Information in Resource Not Removed Before Reuse


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024