Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2024-32036
Summary
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. This issue affects the package SixLabors.ImageSharp versions through 2.1.7 and 3.0.0 through 3.1.3.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.