CVE-2024-41131
Out-of-bounds Write vulnerability in SixLabors.ImageSharp (NuGet)
What is CVE-2024-41131 About?
This Out-of-bounds Write vulnerability in the ImageSharp GIF decoder can be triggered by a specially crafted GIF, leading to an application crash. Successful exploitation can result in a denial of service. The vulnerability is relatively easy to exploit by providing a malicious GIF file.
Affected Software
- SixLabors.ImageSharp
  - <2.1.9
  - >3.0.0, <3.1.5
Technical Details
The ImageSharp GIF decoder contains an Out-of-bounds Write vulnerability. When a specially crafted GIF file is processed, the decoder attempts to write data beyond the allocated buffer boundaries. This memory corruption can lead to a crash of the application using the library. Attackers can create a GIF file that, for example, specifies dimensions or data offsets that cause the write operation to occur outside the intended memory region, resulting in a denial of service condition.
What is the Impact of CVE-2024-41131?
Successful exploitation may allow attackers to cause a denial of service, leading to system instability or unresponsiveness.
What is the Exploitability of CVE-2024-41131?
Exploiting this vulnerability requires crafting a malicious GIF file and providing it to an application that uses the vulnerable ImageSharp library. This is a low complexity attack, requiring no authentication or special privileges. It is typically a remote attack if the application processes user-supplied images. The main condition is that the target application uses the vulnerable GIF decoder. Applications that handle untrusted image uploads are at a higher risk.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-41131?
Available Upgrade Options
- SixLabors.ImageSharp
  - <2.1.9 → Upgrade to 2.1.9
  - >3.0.0, <3.1.5 → Upgrade to 3.1.5
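A quick way to turn the affected ranges and upgrade targets above into a repeatable check is to scan a project's PackageReference entries for SixLabors.ImageSharp and compare the declared version against those ranges. The script below is an added example, not code from the advisory or from the ImageSharp project; it encodes the ranges exactly as this page states them (<2.1.9, and >3.0.0 together with <3.1.5) and runs on a constructed sample .csproj embedded inline.

```python
import xml.etree.ElementTree as ET

PACKAGE = "SixLabors.ImageSharp"

# Affected ranges and fixed versions as listed on this page:
# (exclusive lower bound or None, exclusive upper bound, version to upgrade to)
AFFECTED_RANGES = [
    (None, (2, 1, 9), "2.1.9"),
    ((3, 0, 0), (3, 1, 5), "3.1.5"),
]


def parse_version(text):
    """Turn a NuGet version string such as '3.1.4' or '3.1.4-beta.1' into a 3-tuple of ints.
    Pre-release and build-metadata suffixes are dropped, so '3.1.5-beta' compares as 3.1.5;
    treat a pre-release of the fixed version as unverified rather than as fixed."""
    core = text.strip().split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".") if p]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def find_fix(version):
    """Return the version to upgrade to if `version` falls in an affected range, else None."""
    v = parse_version(version)
    for lower, upper, fixed in AFFECTED_RANGES:
        if (lower is None or v > lower) and v < upper:
            return fixed
    return None


def _local(tag):
    # MSBuild project files may carry a default namespace; compare on the local name only.
    return tag.rsplit("}", 1)[-1]


def check_csproj(xml_text):
    """Scan PackageReference items in a .csproj (SDK-style or namespaced legacy style)
    and return a list of (declared_version, fixed_version) for affected ImageSharp references."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "PackageReference":
            continue
        if (elem.get("Include") or "").lower() != PACKAGE.lower():
            continue
        # The version may be an attribute or a child <Version> element.
        version = elem.get("Version")
        if not version:
            for child in elem:
                if _local(child.tag) == "Version" and child.text:
                    version = child.text.strip()
        if not version:
            continue
        fixed = find_fix(version)
        if fixed:
            findings.append((version, fixed))
    return findings


# Constructed sample project file (hypothetical; not from any real project)
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.4" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for declared, fixed in check_csproj(SAMPLE_CSPROJ):
        print(f"{PACKAGE} {declared} is in an affected range for CVE-2024-41131; upgrade to {fixed}")
```

To use it against real projects, read each .csproj into `check_csproj`; for projects with central package management or lock files, the same `find_fix` logic applies to the versions found in Directory.Packages.props or packages.lock.json. Transitive references are not visible in the .csproj alone, so a lock file or `dotnet list package --include-transitive` output is the more complete source.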
Additional Resources
- https://github.com/SixLabors/ImageSharp/pull/2754
- https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7
- https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb
- https://osv.dev/vulnerability/GHSA-63p8-c4ww-9cg7
- https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693
- https://github.com/SixLabors/ImageSharp/pull/2756
- https://nvd.nist.gov/vuln/detail/CVE-2024-41131
What are Similar Vulnerabilities to CVE-2024-41131?
Similar Vulnerabilities: CVE-2025-27598, CVE-2024-41132, CVE-2025-54575, CVE-2024-40667, CVE-2024-40668
