Lucene search

[email protected]CVE-2023-39978

HistoryAug 08, 2023 - 6:15 a.m.

CVE-2023-39978

2023-08-0806:15:47

CWE-401

[email protected]

web.nvd.nist.gov

cve-2023-39978

imagemagick

denial of service

memory consumption

vulnerability

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

3.7 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

Affected configurations

NVD

Node

imagemagickimagemagickRange<6.9.12-91

Node

fedoraprojectfedoraMatch37

CPENameOperatorVersion
imagemagick:imagemagickimagemagicklt6.9.12-91

CPE	Name	Operator	Version
imagemagick:imagemagick	imagemagick	lt	6.9.12-91

References

github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12

github.com/ImageMagick/ImageMagick6/compare/6.9.12-90...6.9.12-91

github.com/rmagick/rmagick/pull/1406/files

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

3.7 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.3%

JSON

Related for CVE-2023-39978

cvelist1 prion1 debiancve1 redhatcve1 nvd1 ubuntucve1 redos1 osv1 nessus5 debian1 fedora1 openvas1