CVE-2025-27598
Published: 06 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-27598, published on 2025-03-06, is an out-of-bounds write vulnerability (CWE-787) in the GIF decoder component of ImageSharp, a 2D graphics API. Processing a specially crafted GIF image triggers the out-of-bounds write. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The vulnerability is exploitable over the network with low attack complexity and requires neither privileges nor user interaction. Successful exploitation crashes applications that use the affected ImageSharp GIF decoder, potentially resulting in denial of service.
The issue has been patched in ImageSharp versions 3.1.7 and 2.1.10, with users advised to upgrade immediately. Details are available in the GitHub security advisory (GHSA-2cmq-823j-5qj8), issue tracker (#2859), and pull request (#2890).
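One way to check a .NET project's manifests for the affected versions named above, as an added example that is not part of the advisory or of the ImageSharp project: the fixed-version table is taken from the advisory text, while the sample .csproj and packages.lock.json contents are constructed and do not come from any real project.

```python
# Flag SixLabors.ImageSharp versions still exposed to CVE-2025-27598 (added example).
# Fixed versions from the advisory: 3.1.7 (3.x line) and 2.1.10 (2.x line). Assumption:
# only .csproj PackageReference entries and packages.lock.json are checked, and
# pre-release/build suffixes are ignored when comparing versions.
import json
import xml.etree.ElementTree as ET

PACKAGE = "sixlabors.imagesharp"
FIXED = {2: (2, 1, 10), 3: (3, 1, 7)}  # per-major fixed versions, from the advisory

def parse_version(text):
    """'3.1.6-beta.1+build' -> (3, 1, 6); missing components default to 0."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])

def is_vulnerable(version):
    """True when the version predates the fix on its own major line; majors
    older than any fixed line count as vulnerable, newer ones as fixed."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    return v[0] < min(FIXED) if fixed is None else v < fixed

def versions_from_csproj(xml_text):
    """Yield (package, version) for each PackageReference in a .csproj."""
    for ref in ET.fromstring(xml_text).iter("PackageReference"):
        name = ref.get("Include")
        ver = ref.get("Version") or (ref.findtext("Version") or "").strip()
        if name and ver:
            yield name, ver

def versions_from_lockfile(json_text):
    """Yield (package, resolved version) from packages.lock.json, which also
    lists transitive dependencies that the .csproj does not."""
    for framework in json.loads(json_text).get("dependencies", {}).values():
        for name, entry in framework.items():
            if "resolved" in entry:
                yield name, entry["resolved"]

def find_affected(pairs):
    """Return the ImageSharp versions in `pairs` that still need the patch."""
    return [v for name, v in pairs if name.lower() == PACKAGE and is_vulnerable(v)]

# Constructed sample manifests, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="SixLabors.ImageSharp" Version="3.1.6" />
  <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup></Project>"""
SAMPLE_LOCK = json.dumps({"version": 1, "dependencies": {"net8.0": {
    "SixLabors.ImageSharp": {"type": "Direct", "resolved": "2.1.10"}}}})
```

Run `find_affected` over both manifest kinds, since packages.lock.json catches a vulnerable ImageSharp pulled in transitively that the .csproj never names.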
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds write in the GIF decoder can be triggered remotely and crashes the application, denying service to its users. That matches the ATT&CK technique Endpoint Denial of Service: Application or System Exploitation (T1499.004), in which an adversary exploits a software vulnerability to crash an application or system.