CVE-2025-54575

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54575

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54575.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-54575

Aliases

GHSA-rxmq-m78w-7wmc

Published

2025-07-30T20:15:37Z

Modified

2025-07-31T20:50:56.361748Z

Summary

[none]

Details

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.

References

Affected packages

Git / github.com/sixlabors/imagesharp

Affected ranges

Type: GIT
Repo: https://github.com/sixlabors/imagesharp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

55e49262df9a057dff9b7807ed1b7bdb49187c3f

Fixed

833f3ceec35af6b775950e06f03b934546cefbf6

Affected versions

v1.*

v1.0.3

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.10

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6