CVE-2023-1289
Published: 23 March 2023
A vulnerability was discovered in ImageMagick where a specially crafted SVG file that loads itself causes a segmentation fault. A remote attacker who can pass such an SVG file to ImageMagick triggers the crash, and each crash leaves many trash files in "/tmp", resulting in a denial of service. These trash files can be large if the SVG file contains many render actions: if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t, so a 100M SVG upload causes the server to generate about 10G.
Notes
Author | Note |
---|---|
rodrigo-zaiden | The vulnerability was added at some point in 6.9.x. It does not reproduce in older versions. In Ubuntu it affects bionic and later. Additional patches may be needed; some data structures are not available in ImageMagick6, and there is no commit from upstream in ImageMagick6. |
Priority
Status
Package | Release | Status |
---|---|---|
imagemagick (Launchpad, Ubuntu, Debian) | trusty | Not vulnerable (code not present) |
 | xenial | Not vulnerable (code not present) |
 | bionic | Not vulnerable (code not present) |
 | focal | Released (8:6.9.10.23+dfsg-2.1ubuntu11.9) |
 | jammy | Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2), available with Ubuntu Pro |
 | kinetic | Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5) |
 | upstream | Released (7.1.1-0) |
 | lunar | Released (8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1) |

Patches: upstream: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |