漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks
Vulnerability Description
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
ImageSharp 安全漏洞
Vulnerability Description
ImageSharp是Six Labors开源的一款全新的、功能齐全、管理全面、跨平台的二维图形 API。 ImageSharp 2.1.11之前版本和3.0.0至3.1.10版本存在安全漏洞,该漏洞源于处理特制GIF文件时可能进入无限循环,导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A