Steema Issues Database

Note: This database is for bugs and wishes only. For technical support help, if you are a customer please visit our online forums;
otherwise you can use StackOverflow.
Before using this bug-tracker we recommend a look at this document, Steema Bug Fixing Policy.

Bug 2699

Summary:	TeeChart.NET references version of SixLabors.ImageSharp with security vulnerabilities
Product:	.NET TeeChart	Reporter:	benjamin.hempel
Component:	Others	Assignee:	Steema Issue Manager <issuemanager>
Status:	UNCONFIRMED ---
Severity:	major
Priority:	---
Version:	unspecified
Target Milestone:	---
Hardware:	PC
OS:	Windows
Chart Series:	---	Delphi / C++ Builder RAD IDE Version:

Description benjamin.hempel 2024-04-29 09:12:34 EDT

The latest version of the Steema.TeeChart.NET NuGet package (4.2024.4.20) references an outdated version of SixLabors.ImageSharp (3.0.1) with multiple known security vulnerabilites:

- CVE-2024-27929 (https://github.com/advisories/GHSA-65x7-c272-7g7r, CVSS 7.1/10)
- CVE-2024-32035 (https://github.com/advisories/GHSA-g85r-6x2q-45w7, CVSS 5.3/10)
- CVE-2024-32036 (https://github.com/advisories/GHSA-5x7m-6737-26cr, CVSS 5.3/10)

It would be great if SixLabors.ImageSharp could be updated to the latest version  known to fix all issues listed above (3.1.4) with the next release of TeeChart.NET.

An update of SixLabors.ImageSharp.Drawing to a non-beta (!) version -- ideally the latest one -- would also be greatly appreciated.

Thank you!