A specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version.
The problem has been patched. All users are advised to upgrade to v3.1.11 or v2.1.11.
None.
{ "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2025-07-30T13:23:01Z", "cwe_ids": [ "CWE-400", "CWE-770" ], "nvd_published_at": "2025-07-30T20:15:37Z" }