
Updating ImageSharp Libraries to address current CVEs.

Open IntegerMan opened this issue 1 month ago • 0 comments

We're getting code scan results highlighting the SixLabors.ImageSharp dependency that PdfSharpCore has:

• CVE-2024-41131 (High) - requires 2.1.9+
• CVE-2025-27598 (High) - requires 2.1.10+
• CVE-2024-27929 (High) - requires 2.1.7+
• CVE-2024-32035 (Medium) - requires 2.1.8+
• CVE-2024-32036 (Medium) - requires 2.1.8+
• CVE-2024-41132 (Medium) - requires 2.1.9+
• CVE-2025-54575 (Medium) - requires 2.1.11+

It looks like these vulnerabilities could be addressed if PdfSharpCore releases a new version that updates the ImageSharp dependency to a newer version to avoid these issues; however, the last minor release was 8 months ago at the moment.

I'd like to see dependencies updated to 2.1.11 or higher and a new NuGet package made available.

IntegerMan, Nov 24 '25 18:11
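A way to check which of the CVEs listed in the issue still apply to the ImageSharp version a project actually resolves, as an added example that is not part of the original issue or of PdfSharpCore. It assumes NuGet lock files are enabled (`RestorePackagesWithLockFile`) so a `packages.lock.json` exists; the sample lock file and the function names are constructed for illustration.

```python
import json

# Minimum fixed SixLabors.ImageSharp versions, as listed in the issue above.
FIXED_IN = {
    "CVE-2024-27929": (2, 1, 7),
    "CVE-2024-32035": (2, 1, 8),
    "CVE-2024-32036": (2, 1, 8),
    "CVE-2024-41131": (2, 1, 9),
    "CVE-2024-41132": (2, 1, 9),
    "CVE-2025-27598": (2, 1, 10),
    "CVE-2025-54575": (2, 1, 11),
}
PACKAGE = "SixLabors.ImageSharp"

def parse_version(text):
    """'2.1.8' or '2.1.8-beta1' -> (2, 1, 8); pre-release/build tags are dropped."""
    core = text.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def open_cves(version_text):
    """CVEs from the issue whose fixed version is above the resolved one.
    Returns None for 3.x and later: the issue only gives 2.1.x thresholds."""
    version = parse_version(version_text)
    if version[0] > 2:
        return None
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)

def audit_lockfile(lock_text):
    """Map each target framework in a packages.lock.json to (resolved, open CVEs)."""
    report = {}
    for framework, packages in json.loads(lock_text)["dependencies"].items():
        entry = packages.get(PACKAGE)
        if entry:
            report[framework] = (entry["resolved"], open_cves(entry["resolved"]))
    return report

# Constructed sample lock file (package versions are illustrative, not real data).
SAMPLE_LOCK = json.dumps({"version": 1, "dependencies": {
    "net6.0": {"PdfSharpCore": {"type": "Direct", "resolved": "0.0.0-placeholder"},
               PACKAGE: {"type": "Transitive", "resolved": "2.1.8"}},
    "net8.0": {PACKAGE: {"type": "Direct", "resolved": "2.1.11"}},
}})

if __name__ == "__main__":
    for fw, (resolved, cves) in audit_lockfile(SAMPLE_LOCK).items():
        print(fw, resolved, "OK" if cves == [] else cves)
```

A `None` result means the resolved version is outside the 2.1.x line the issue gives thresholds for, so it needs a separate advisory lookup rather than a pass.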