SixLabors ImageSharp Out-of-Bounds Write Vulnerability in GIF Decoder Allowing Denial-of-Service

Vulnerability

A high-severity out-of-bounds write vulnerability has been identified in the GIF decoder of SixLabors ImageSharp versions prior to 3.1.7 and 2.1.10. An attacker who can supply a specially crafted GIF to an affected application can crash the process decoding it, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes an access violation exception, leading to a crash of the process that is handling the image. This behavior creates a denial-of-service condition, as the process is terminated unexpectedly.

Reproduction

The vulnerability can be reproduced by loading a specially crafted GIF file using the ImageSharp library. This can be done by using the 'Image.Load' method with the corrupt GIF file as the input. The issue occurs when the GIF decoder processes the image, causing an access violation exception that crashes the application.

Remediation

Users are advised to upgrade to ImageSharp version 3.1.7 or 2.1.10.
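Because the affected release lines are fixed at different versions (2.1.10 for 2.x, 3.1.7 for 3.x), a plain "is the version below X" check is easy to get wrong. The following script, added here as an example and not part of this advisory or of the ImageSharp project, audits .csproj PackageReference entries for SixLabors.ImageSharp and reports whether each referenced version is before the fix for its release line. It handles prerelease tags (3.1.7-beta.1 is still before 3.1.7), child-element Version syntax, and unparseable versions such as MSBuild property references, which it reports as unknown rather than silently treating as safe. The sample project file embedded below is constructed for the example. Note that the crash described above is an access violation rather than a managed exception, so wrapping Image.Load in try/catch is not a reliable mitigation on .NET Core; the actionable control is the version upgrade this script checks for.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

PACKAGE = "SixLabors.ImageSharp"

# Fixed versions from the advisory. The trailing 1 marks a final release so that
# a prerelease of the fixed version (e.g. 3.1.7-beta.1, trailing 0) sorts below it.
FIXED_3X = (3, 1, 7, 1)
FIXED_2X = (2, 1, 10, 1)

_CORE_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse 'major.minor.patch[-prerelease][+build]' into a comparable tuple.

    Returns None for values that are not a concrete version, such as the
    MSBuild property reference '$(ImageSharpVersion)' or the floating '3.*'.
    """
    text = text.strip()
    core, *rest = re.split(r"[-+]", text, maxsplit=1)
    if not _CORE_RE.match(core):
        return None
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    is_release = 0 if rest else 1  # any '-' suffix means prerelease
    return (parts[0], parts[1], parts[2], is_release)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is before the fix for its release line, None if unknown.

    Per the advisory, 3.x is fixed from 3.1.7 and everything else (2.x and the
    unsupported 1.x line) is fixed from 2.1.10. Later major lines are after 3.1.7.
    """
    v = parse_version(version)
    if v is None:
        return None
    if v[0] >= 3:
        return v < FIXED_3X
    return v < FIXED_2X


def _local(tag: str) -> str:
    # Strip an XML namespace prefix like '{http://...}PackageReference'.
    return tag.rsplit("}", 1)[-1]


def audit_csproj(xml_text: str) -> List[Tuple[str, Optional[bool]]]:
    """Return (version, vulnerable) for every ImageSharp PackageReference found."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if _local(el.tag) != "PackageReference":
            continue
        if (el.get("Include") or "").lower() != PACKAGE.lower():
            continue
        # Version may be an attribute or a child element.
        version = el.get("Version")
        if version is None:
            for child in el:
                if _local(child.tag) == "Version":
                    version = (child.text or "").strip()
        version = version or ""
        findings.append((version, is_vulnerable(version)))
    return findings


# Constructed sample project file for demonstration; not from the advisory.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.6" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for version, vulnerable in audit_csproj(SAMPLE_CSPROJ):
        status = {True: "VULNERABLE (upgrade to 3.1.7 / 2.1.10)",
                  False: "fixed", None: "unknown version, resolve manually"}[vulnerable]
        print(f"{PACKAGE} {version or '<none>'}: {status}")
```

Run it against a real project by replacing SAMPLE_CSPROJ with the file contents; for solutions using central package management, point it at Directory.Packages.props, where PackageVersion elements carry the version instead, and adjust the element name accordingly.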

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.