CVE-2023-1289
Publication date 23 March 2023
Last updated 29 July 2024
Ubuntu priority
CVSS 3 Severity Score
A vulnerability was discovered in ImageMagick where a specially crafted SVG file loads itself and causes a segmentation fault. A remote attacker who can pass such an SVG file to ImageMagick can trigger the segmentation fault, which leaves many trash files in "/tmp" and results in a denial of service. The trash files can be large if the SVG file contains many render actions: if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Status
Package | Ubuntu Release | Status |
---|---|---|
imagemagick | 24.10 oracular | Fixed 8:6.9.11.60+dfsg-1.6ubuntu1 |
imagemagick | 24.04 LTS noble | Fixed 8:6.9.11.60+dfsg-1.6ubuntu1 |
imagemagick | 22.04 LTS jammy | Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
imagemagick | 20.04 LTS focal | Fixed 8:6.9.10.23+dfsg-2.1ubuntu11.10 |
imagemagick | 18.04 LTS bionic | Not affected |
imagemagick | 16.04 LTS xenial | Not affected |
imagemagick | 14.04 LTS trusty | Not affected |
Notes
rodrigo-zaiden
Vulnerability was added at some point in 6.9.x. It does not reproduce in older versions. In Ubuntu it affects bionic and later. Additional patches may be needed, some data structures are not available in ImageMagick6, and there is no commit from upstream in ImageMagick6.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6200-1: ImageMagick vulnerabilities, 4 July 2023
- USN-6200-2: ImageMagick vulnerabilities, 25 July 2024