Showing 1 - 3 of 3

CVE-2023-1289

Status Candidate

Overview

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Related Files

Ubuntu Security Notice USN-6200-2: Posted Aug 6, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2020-29599, CVE-2021-20224, CVE-2021-20246, CVE-2021-20312, CVE-2021-20313, CVE-2021-39212, CVE-2023-1289, CVE-2023-3195, CVE-2023-34151, CVE-2023-3428; SHA-256 | ded6c4c8b3d3bb0eeac147b90c00e05a999088a5edf3575723974f537a908acb; Download | Favorite | View

Debian Security Advisory 5628-1: Posted Feb 24, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.; tags | advisory, denial of service, arbitrary; systems | linux, debian; advisories | CVE-2021-3610, CVE-2022-1115, CVE-2023-1289, CVE-2023-1906, CVE-2023-34151, CVE-2023-3428, CVE-2023-5341; SHA-256 | f3cb8b62b33597d095e3b6b6dd3d138b869540fe77fdd212e1777a113e936759; Download | Favorite | View

Ubuntu Security Notice USN-6200-1: Posted Jul 4, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.; tags | advisory, denial of service, arbitrary, shell, code execution; systems | linux, ubuntu; advisories | CVE-2020-29599, CVE-2021-20224, CVE-2021-20244, CVE-2021-20246, CVE-2021-20312, CVE-2021-20313, CVE-2021-39212, CVE-2022-32545, CVE-2023-1289, CVE-2023-1906, CVE-2023-3195, CVE-2023-34151, CVE-2023-3428; SHA-256 | 4624c32fa88c1256496ddb16ef8578660e852b2894774605d467f2dca0b95882; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-1289

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems