CVE-2025-27598

ImageSharp is a 2D graphics API. An out-of-bounds write vulnerability has been found in the ImageSharp GIF decoder, allowing attackers to cause a crash using a specially crafted GIF. This can potentially lead to denial of service. The problem has been patched. All users are advised to upgrade to v3.1.7 or v2.1.10.
Configurations

Configuration 1

OR cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*
cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*

History

24 Mar 2025, 18:36

Type Values Removed Values Added
Summary
  • (es) ImageSharp is a 2D graphics API. An out-of-bounds write vulnerability has been found in the ImageSharp GIF decoder, allowing attackers to cause a crash using a specially crafted GIF. This can lead to denial of service. The problem has been fixed. All users are advised to upgrade to version 3.1.7 or 2.1.10.
References () https://github.com/SixLabors/ImageSharp/issues/2859 - () https://github.com/SixLabors/ImageSharp/issues/2859 - Exploit, Issue Tracking
References () https://github.com/SixLabors/ImageSharp/pull/2890 - () https://github.com/SixLabors/ImageSharp/pull/2890 - Issue Tracking, Patch
References () https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8 - () https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-2cmq-823j-5qj8 - Vendor Advisory
CPE cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*
First Time Sixlabors
Sixlabors imagesharp

07 Mar 2025, 20:15

Type Values Removed Values Added
References () https://github.com/SixLabors/ImageSharp/issues/2859 - () https://github.com/SixLabors/ImageSharp/issues/2859 -

06 Mar 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-06 23:15

Updated : 2025-03-24 18:36


NVD link : CVE-2025-27598

Mitre link : CVE-2025-27598

CVE.ORG link : CVE-2025-27598



Products Affected

sixlabors

  • imagesharp
CWE
CWE-787

Out-of-bounds Write