Veracode Vulnerability DatabaseVERACODE:44046Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.2%
imagemagick is vulnerable to Denial of Service (DoS). A heap-based buffer overflow vulnerability in ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c allows an attacker to pass a specially crafted file to convert, triggering an out-of-bounds read error, which could cause an application to crash and result in a denial of service (DoS).
References
access.redhat.com/security/cve/CVE-2023-1906
bugzilla.redhat.com/show_bug.cgi?id=2185714
github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
lists.fedoraproject.org/archives/list/[email protected]/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
security-tracker.debian.org/tracker/CVE-2023-1906
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.2%