0.33.5
11 years ago
4 months ago
Known vulnerabilities in the sharp package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
sharp is a High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, GIF, AVIF and TIFF images Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the Notes: This is only exploitable if the This vulnerability was also published on libwebp CVE-2023-5129 Changelog: 2023-09-12: Initial advisory publication 2023-09-27: Advisory details updated, including CVSS, references 2023-09-27: CVE-2023-5129 rejected as a duplicate of CVE-2023-4863 2023-09-28: Research and addition of additional affected libraries 2024-01-28: Additional fix information How to fix Heap-based Buffer Overflow? Upgrade | <0.32.6 |
sharp is a High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, GIF, AVIF and TIFF images Affected versions of this package are vulnerable to Remote Code Execution (RCE). There is a possible vulnerability in logic that is run only at How to fix Remote Code Execution (RCE)? Upgrade | <0.30.5 |