CVE-2025-54575
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-07-31
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sixlabors | imagesharp | 2.1.11 |
| sixlabors | imagesharp | * |
| sixlabors | imagesharp | 3.1.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the ImageSharp 2D graphics library's GIF decoder. When it processes a specially crafted GIF file with a malformed comment extension block that lacks a proper block terminator, the decoder can enter an infinite loop while trying to skip this block. This causes the application to hang or crash, resulting in a denial of service.
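To make the structure behind this bug concrete, here is an added example (not ImageSharp's code and not the vulnerable decoder path itself) of a bounds-checked GIF sub-block walker: the comment extension is a chain of length-prefixed sub-blocks ended by a 0x00 terminator, and a skipper that checks every read against the end of the input fails cleanly on a truncated chain instead of looping. The function and class names and the sample bytes are constructed for this illustration.

```python
# Constructed example: walking GIF data sub-blocks (the layout used by the
# comment extension, introducer 0x21 + label 0xFE) with bounds checks so a
# chain that ends without a terminator raises instead of spinning forever.

BLOCK_TERMINATOR = 0x00

class TruncatedGifError(ValueError):
    """Raised when a sub-block chain ends before its 0x00 terminator."""

def skip_sub_blocks(data: bytes, offset: int) -> int:
    """Return the offset just past the terminator of a sub-block chain.

    Each sub-block is one length byte followed by that many data bytes; a
    zero length byte ends the chain. Every read is checked against len(data),
    so input cut off before the terminator cannot cause an endless loop.
    """
    while True:
        if offset >= len(data):
            raise TruncatedGifError("sub-block chain ended before terminator")
        size = data[offset]
        offset += 1
        if size == BLOCK_TERMINATOR:
            return offset
        if offset + size > len(data):
            raise TruncatedGifError("sub-block data runs past end of input")
        offset += size

def skip_comment_extension(data: bytes, offset: int) -> int:
    """Skip a comment extension (0x21 0xFE + sub-blocks) starting at offset."""
    if data[offset:offset + 2] != b"\x21\xFE":
        raise ValueError("no comment extension at offset %d" % offset)
    return skip_sub_blocks(data, offset + 2)

def comment_extension_is_complete(data: bytes, offset: int) -> bool:
    """True only if a fully terminated comment extension starts at offset."""
    try:
        skip_comment_extension(data, offset)
        return True
    except ValueError:  # TruncatedGifError is a ValueError too
        return False

# Constructed inputs: a well-formed comment followed by the GIF trailer (0x3B),
# one whose terminator byte is missing, and one whose data is cut short.
GOOD_COMMENT = b"\x21\xFE" + b"\x05hello" + b"\x00" + b"\x3B"
NO_TERMINATOR = b"\x21\xFE" + b"\x05hello"
SHORT_DATA = b"\x21\xFE" + b"\x05hel"
```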
How can this vulnerability impact me?
If your application uses the affected versions of ImageSharp to process untrusted GIF files, an attacker can exploit this vulnerability by sending a malicious GIF that causes the application to enter an infinite loop. This leads to a denial of service, potentially making your application unresponsive or unavailable.
What immediate steps should I take to mitigate this vulnerability?
Upgrade ImageSharp to version 2.1.11 or 3.1.11, or later, to fix the vulnerability. Avoid processing untrusted GIF files until the upgrade is applied.