Technical Information

Brief overview of the risk:

A remote code execution vulnerability in .NET Core for non-Windows systems which exists when parsing certain types of graphics files. This vulnerability can be exploited by sending a specially crafted request to .NET applications that are utilizing libgdiplus on a non-Windows system. This vulnerability only exists on systems running on MacOS or Linux. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the logged on user.

Further information on this vulnerability is available at : CVE-2021-24112