Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SixLabors.ImageSharp vulnerable to data leakage
Vulnerability Description
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
在释放前未清除敏感信息
Vulnerability Title
ImageSharp 安全漏洞
Vulnerability Description
ImageSharp是ImageSharp公司的一种新的、功能齐全、完全托管、跨平台的 2D 图形 API。 ImageSharp v3.1.4 之前、v2.1.8之前版本存在安全漏洞,该漏洞源于 ImageSharp 的 JPEG 和 TGA 解码器中发现了堆释放后重用缺陷,当攻击者将特制的 JPEG 或 TGA 图像文件传递给 ImageSharp 进行转换时,会触发此漏洞,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A