Vulnerability Report for ImageGlass 8 & 9: CVE-2024-30105 | .NET Denial of Service

Vulnerability Details:

How do I know if I am affected?

For ImageGlass 9

  • Click on Main Menu > Help > About (or press F1) to open About dialog
  • Check the .NET Runtime version, if the version <= 8.0.6, you are affected.

Check ImageGlass 9 Vulnerability

For ImageGlass 8

  • Click on Main Menu > Help > About (or press F1) to open About dialog
  • Check the ImageGlass version, if the version <= 8.12.4.30, you are affected.

Check ImageGlass 8 Vulnerability

How do I fix the issue?

For ImageGlass 9

If you're using .NET 8.0, you should download and install .NET 8.0.7 Desktop Runtime from https://dotnet.microsoft.com/download/dotnet-core/8.0.

.NET 8.0 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.

Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.

For ImageGlass 8

ImageGlass 8 is end of life, no public updates or patches released to address it.

If you concerned about security may opt for the Paid Support Service, where updates addressing vulnerabilities can be provided for a fee.

For more information on Paid Support, please visit our support page.

Support ImageGlass

ImageGlass stands as an open-source, ad-free photo viewer, yet its development and upkeep demand resources. Your financial backing not only sustains this project but also fuels my motivation for crafting future releases.

Should you opt for GitHub Sponsor or Patreon, be sure to explore the tier-specific benefits on offer.
Your support is greatly appreciated!