Описание
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | released | 8:6.9.11.60+dfsg-1.6ubuntu1 |
| esm-apps/focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.10 |
| esm-apps/jammy | released | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
| esm-apps/noble | released | 8:6.9.11.60+dfsg-1.6ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.10 |
| jammy | released | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
A vulnerability was discovered in ImageMagick where a specially create ...
EPSS
5.5 Medium
CVSS3