Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1906

Опубликовано: 02 апр. 2023
Источник: redhat
CVSS3: 5.5

Описание

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

A heap-based buffer overflow was found in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. This issue could allow an attacker to pass a specially crafted file to convert, triggering an out-of-bounds read error, which could cause an application to crash and result in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickNot affected
Red Hat Enterprise Linux 7ImageMagickNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122->CWE-125->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2185714ImageMagick: heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1906

CVSS3: 5.5
ubuntu
около 2 лет назад

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

nvd логотип

CVE-2023-1906

CVSS3: 5.5
nvd
около 2 лет назад

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

debian логотип

CVE-2023-1906

CVSS3: 5.5
debian
около 2 лет назад

A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...

suse-cvrf логотип

SUSE-SU-2023:1927-1

suse-cvrf
около 2 лет назад

Security update for ImageMagick

github логотип

GHSA-vpgp-gjqv-364p

CVSS3: 5.5
github
около 2 лет назад

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

5.5 Medium

CVSS3

Уязвимость CVE-2023-1906