CVE-2023-2157

Опубликовано: 06 июн. 2023

Источник: debian

EPSS Низкий

Описание

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
imagemagick	fixed	8:6.9.12.98+dfsg1-2		package
imagemagick	not-affected		bookworm	package
imagemagick	not-affected		bullseye	package
imagemagick	not-affected		buster	package

Примечания

Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
Introduced by: https://github.com/ImageMagick/ImageMagick/issues/5768
Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/a45686d30fb5785d7f0cb8a0e8efdeb75eabfe08 (exif feature not present before this commit 6.9.12.72)

EPSS

Процентиль: 4%

0.00023

Низкий

Связанные уязвимости

CVE-2023-2157

CVSS3: 5.5

ubuntu

около 2 лет назад

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

CVE-2023-2157

CVSS3: 5.5

redhat

около 2 лет назад

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

CVE-2023-2157

CVSS3: 5.5

nvd

около 2 лет назад

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

GHSA-336m-6jwp-8932

CVSS3: 5.5

github

около 2 лет назад

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

BDU:2023-03597

CVSS3: 5.5

fstec

около 2 лет назад

Уязвимость консольного графического редактора ImageMagick, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%

0.00023

Низкий