CVE-2024-32036

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-226
View all →

Vulnerability Description

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.

Related Vulnerabilities

CVE-2023-41138

MEDIUM
CVSS:6.7(Medium)

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CWE-2262023

CVE-2024-21850

HIGH
CVSS:6.0(Medium)

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privile...

CWE-2262024

CVE-2018-7166

HIGH
CVSS:7.5(High)

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or...

CWE-2262018

CVE-2023-1637

MEDIUM
CVSS:5.5(Medium)

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CP...

CWE-2262023

CVE-2023-3006

MEDIUM
CVSS:5.5(Medium)

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malici...

CWE-2262023

CVE-2024-38275

HIGH
CVSS:7.5(High)

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CWE-2262024