CVE-2024-32036 Information

Description

ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp’s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8.

Reference

https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68 https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba