Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-1289

Опубликовано: 23 мар. 2023
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Версия до 7.1.1-0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.001
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-20
CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2023-1289

CVSS3: 5.5
ubuntu
около 2 лет назад

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

redhat логотип

CVE-2023-1289

CVSS3: 5.5
redhat
больше 2 лет назад

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

debian логотип

CVE-2023-1289

CVSS3: 5.5
debian
около 2 лет назад

A vulnerability was discovered in ImageMagick where a specially create ...

suse-cvrf логотип

SUSE-SU-2023:1756-1

suse-cvrf
около 2 лет назад

Security update for ImageMagick

suse-cvrf логотип

SUSE-SU-2023:1734-1

suse-cvrf
около 2 лет назад

Security update for ImageMagick

EPSS

Процентиль: 29%
0.001
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-20
CWE-20