CVE-2024-32036

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Configurations

No configuration.

History

16 Apr 2024, 23:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 5.3

16 Apr 2024, 22:15

Type Values Removed Values Added
CWE CWE-416
Summary (en) ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8. (en) ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.

16 Apr 2024, 13:24

Type Values Removed Values Added
Summary
  • (es) ImageSharp es una API de gráficos 2D. Se encontró una falla de heap-use-after-free en los decodificadores JPEG y TGA de ImageSharp. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen JPEG o TGA especialmente manipulado a ImageSharp para su conversión, lo que podría provocar la divulgación de información. El problema se solucionó en v3.1.4 y v2.1.8.

15 Apr 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 20:15

Updated : 2024-04-16 23:15


NVD link : CVE-2024-32036

Mitre link : CVE-2024-32036

CVE.ORG link : CVE-2024-32036


JSON object : View

Products Affected

No product.

CWE
CWE-226

Sensitive Information in Resource Not Removed Before Reuse