squidex.assets.6.19.0.nupkg: 1 vulnerabilities (highest severity is: 6.9) [master]

<details>
  <summary>📂 Vulnerable Library - <strong>squidex.assets.6.19.0.nupkg</strong></summary>

Squidex Internal Libraries



**Path to dependency file:** /tools/TestSuite/TestSuite.ApiTests/TestSuite.ApiTests.csproj

**Path to vulnerable library:** /home/wss-scanner/.nuget/packages/squidex.assets/6.19.0/squidex.assets.6.19.0.nupkg


</details>


# Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | **Reachability** |
| ------------- | ------------- | ---- | --- | ----- | ----- | ----- | --- | --- | --- |
| [ CVE-2025-54575 ](https://www.mend.io/vulnerability-database/CVE-2025-54575) | 🟠 Medium | 6.9 | Not Defined | < 1% | sixlabors.imagesharp.3.1.5.nupkg | Transitive | N/A | ❌ | |


# Details


<details>
  <summary>
 🟠CVE-2025-54575
  </summary>

### Vulnerable Library - **sixlabors.imagesharp.3.1.5.nupkg**

A new, fully featured, fully managed, cross-platform, 2D graphics API for .NET

**Library home page:** [ https://api.nuget.org/packages/sixlabors.imagesharp.3.1.5.nupkg ](https://api.nuget.org/packages/sixlabors.imagesharp.3.1.5.nupkg)

**Path to dependency file:** /tools/TestSuite/TestSuite.Shared/TestSuite.Shared.csproj

**Path to vulnerable library:** /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/3.1.5/sixlabors.imagesharp.3.1.5.nupkg



**Dependency Hierarchy:**


- squidex.assets.6.19.0.nupkg (Root Library)
    - ❌  **sixlabors.imagesharp.3.1.5.nupkg** (Vulnerable Library)


- squidex.assets.imagesharp.6.22.0.nupkg (Root Library)
    - ❌  **sixlabors.imagesharp.3.1.5.nupkg** (Vulnerable Library)


- squidex.assets.imagesharp.6.19.0.nupkg (Root Library)
    - squidex.assets.6.19.0.nupkg
        - ❌  **sixlabors.imagesharp.3.1.5.nupkg** (Vulnerable Library)


- TestSuite.Shared-1.0.0 (Root Library)
    - squidex.assets.6.19.0.nupkg
        - ❌  **sixlabors.imagesharp.3.1.5.nupkg** (Vulnerable Library)




***

### Vulnerability Details

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.

**Publish Date:** Jul 30, 2025 07:55 PM

**URL:** [ CVE-2025-54575 ](https://www.mend.io/vulnerability-database/CVE-2025-54575)

**Threat Assessment**

Exploit Maturity:Not Defined

EPSS:< 1%

**Score:** 6.9


***
### Suggested Fix

**Type:** Upgrade version

**Origin:** 

**Release Date:** 

**Fix Resolution :** 


</details>

[comment]: <> (<MEND_ISSUE_METADATA>{"identifier":"squidex.assets.6.19.0.nupkg","repoName":"squidex-csharp-reach","branchName":"master","type":"SCA_DEP"}</MEND_ISSUE_METADATA>)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

squidex.assets.6.19.0.nupkg: 1 vulnerabilities (highest severity is: 6.9) [master] #21

Findings

Details

Vulnerable Library - sixlabors.imagesharp.3.1.5.nupkg

Vulnerability Details

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

squidex.assets.6.19.0.nupkg: 1 vulnerabilities (highest severity is: 6.9) [master] #21

Description

Findings

Details

Vulnerable Library - sixlabors.imagesharp.3.1.5.nupkg

Vulnerability Details

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions