CVE-2021-24112: .NET Core Graphics File Parsing Remote Code Execution Vulnerability

CVE-2021-24112 identifies a critical remote code execution vulnerability in .NET Core's System.Drawing.Common library that enables attackers to execute arbitrary code through malicious graphics file parsing on macOS and Linux systems. This vulnerability affects System.Drawing.Common versions 4.0.0 through 4.7.1 and 5.0.0 through 5.0.2, achieving a CVSS score of 9.8 (Critical severity) according to NIST, though Microsoft assessed it as 8.1 (High), with an EPSS score of 64.8 percentile and 0.5% exploitation probability, indicating significant risk for .NET applications processing graphics content on Unix-based platforms. The vulnerability details reveal that unsafe image parsing in the Unix implementation (libgdiplus) creates memory corruption opportunities when processing untrusted graphics files through standard .NET image loading APIs, making this CVE unique from CVE-2021-26701 and specifically targeting non-Windows environments. This creates substantial exploit risk for .NET Core applications running on macOS and Linux that process user-uploaded images, web applications handling graphics content, and cross-platform .NET services that utilize System.Drawing.Common for image manipulation without proper input validation and file format restrictions. The technical root cause lies in System.Drawing.Common's Unix implementation where image loading APIs including Image.FromStream() and Bitmap constructors interface with native libgdiplus code that contains memory corruption vulnerabilities when processing crafted graphics files, creating a vector for known exploited vulnerabilities targeting cross-platform .NET applications. The vulnerability specifically affects the interaction between managed .NET code and native graphics processing libraries, where malicious image files can trigger memory corruption in the underlying native implementation, enabling attackers to achieve code execution in the context of the .NET application. The platform-specific nature of this vulnerability highlights the unique security challenges of cross-platform .NET development and the importance of secure native code integration. Mitigation strategies require upgrading to System.Drawing.Common versions 4.7.2 or 5.0.3 and later, which implement proper input validation and memory safety controls for graphics file processing, or implementing immediate workarounds including strict file format validation, input sanitization for all graphics processing operations, and limiting graphics file processing to trusted sources only. Organizations should prioritize identifying all .NET Core applications running on macOS and Linux that utilize System.Drawing.Common for graphics processing, audit image handling workflows for untrusted input processing, implement comprehensive file format validation and size restrictions for uploaded graphics content, and maintain updated CVE database records to track similar graphics processing vulnerabilities that could compromise .NET application security through unsafe native code interaction and memory corruption attacks in cross-platform graphics processing systems.