The vulnerability stems from unsafe image parsing in System.Drawing.Common's Unix implementation (libgdiplus). The primary attack vector would be through image loading APIs like Image.FromStream and Bitmap constructors that process untrusted streams. These functions interface with native code where memory corruption occurs. While exact patch details aren't visible, Microsoft's advisory explicitly calls out graphics file parsing as the vulnerable path, and these are the canonical entry points for such operations in the affected library.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| System.Drawing.Common | nuget | >= 4.0.0, < 4.7.2 | 4.7.2 |
| System.Drawing.Common | nuget | >= 5.0.0, < 5.0.3 | 5.0.3 |
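
To check a project against the ranges in the table above, the following added example (not part of the advisory or of Microsoft's tooling) audits the `PackageReference` entries of a `.csproj` file. The sample project file, the function names and the `review` status for unpinned versions are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Ranges from the advisory table: lower bound inclusive, upper bound (first patched) exclusive.
VULNERABLE_RANGES = [((4, 0, 0), (4, 7, 2)), ((5, 0, 0), (5, 0, 3))]
PACKAGE = "system.drawing.common"  # NuGet package IDs are case-insensitive

# Constructed sample project file (not taken from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="System.Drawing.Common" Version="4.7.0" />
    <PackageReference Include="system.drawing.common"><Version>5.0.3</Version></PackageReference>
    <PackageReference Include="System.Drawing.Common" Version="5.0.*" />
    <PackageReference Include="Example.Other" Version="1.2.3" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}PackageReference'."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """Return (major, minor, patch) for a plain pinned version, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?", (text or "").strip())
    # Floating versions, ranges and pre-release tags are not decided here.
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_vulnerable(version):
    return any(lo <= version < hi for lo, hi in VULNERABLE_RANGES)

def audit_csproj(xml_text):
    """Return [(version_string, status)] for each System.Drawing.Common reference."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "PackageReference":
            continue
        if (elem.get("Include") or "").lower() != PACKAGE:
            continue
        raw = elem.get("Version")
        if raw is None:  # version given as a child element instead of an attribute
            raw = next((c.text for c in elem if local(c.tag) == "Version"), None)
        version = parse_version(raw)
        if version is None:
            findings.append((raw, "review"))
        else:
            findings.append((raw, "vulnerable" if is_vulnerable(version) else "ok"))
    return findings

if __name__ == "__main__":
    for raw, status in audit_csproj(SAMPLE_CSPROJ):
        print(f"System.Drawing.Common {raw}: {status}")
```

This covers direct references only; a package pulled in transitively has to be checked against the resolved dependency graph instead.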