Lucene search

K

GoogleOSV:CVE-2023-1906

HistoryApr 12, 2023 - 10:15 p.m.

CVE-2023-1906

2023-04-1222:15:11

Google

osv.dev

13

cve-2023-1906

imagemagick

buffer overflow

denial of service

security

vulnerability

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.2%

A heap-based buffer overflow issue was discovered in ImageMagick’s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

References

access.redhat.com/security/cve/CVE-2023-1906

bugzilla.redhat.com/show_bug.cgi?id=2185714

github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3

github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247

github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.2%

Related for OSV:CVE-2023-1906

nessus7 prion1 openvas4 cve1 fedora1 redhatcve1 debiancve1 ubuntucve1 mageia1 veracode1 nvd1 osv4 cvelist1 redos1 debian1 gentoo1 cloudfoundry1 ubuntu2