Steema Issues Database

Note: This database is for bugs and wishes only. For technical support help, if you are a customer please visit our online forums;
otherwise you can use StackOverflow.
Before using this bug-tracker we recommend a look at this document, Steema Bug Fixing Policy.



Bug 2699 - TeeChart.NET references version of SixLabors.ImageSharp with security vulnerabilities
Summary: TeeChart.NET references version of SixLabors.ImageSharp with security vulnera...
Status: UNCONFIRMED
Alias: None
Product: .NET TeeChart
Classification: Unclassified
Component: Others (show other bugs)
Version: unspecified
Hardware: PC Windows
: --- major
Target Milestone: ---
Assignee: Steema Issue Manager
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-29 09:12 EDT by benjamin.hempel
Modified: 2024-04-29 09:12 EDT (History)
0 users

See Also:
Chart Series: ---
Delphi / C++ Builder RAD IDE Version:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description benjamin.hempel 2024-04-29 09:12:34 EDT 
The latest version of the Steema.TeeChart.NET NuGet package (4.2024.4.20) references an outdated version of SixLabors.ImageSharp (3.0.1) with multiple known security vulnerabilites:

- CVE-2024-27929 (https://github.com/advisories/GHSA-65x7-c272-7g7r, CVSS 7.1/10)
- CVE-2024-32035 (https://github.com/advisories/GHSA-g85r-6x2q-45w7, CVSS 5.3/10)
- CVE-2024-32036 (https://github.com/advisories/GHSA-5x7m-6737-26cr, CVSS 5.3/10)

It would be great if SixLabors.ImageSharp could be updated to the latest version  known to fix all issues listed above (3.1.4) with the next release of TeeChart.NET.

An update of SixLabors.ImageSharp.Drawing to a non-beta (!) version -- ideally the latest one -- would also be greatly appreciated.

Thank you!