Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-54575
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks
Source: NVD (National Vulnerability Database)
Vulnerability Description
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ImageSharp 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ImageSharp是Six Labors开源的一款全新的、功能齐全、管理全面、跨平台的二维图形 API。 ImageSharp 2.1.11之前版本和3.0.0至3.1.10版本存在安全漏洞,该漏洞源于处理特制GIF文件时可能进入无限循环,导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
SixLaborsImageSharp < 2.1.11 -
II. Public POCs for CVE-2025-54575
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-54575
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: ImageSharp
Same vendor: SixLabors
Same weakness: CWE-400
V. Comments for CVE-2025-54575

No comments yet

Leave a comment