CVE-2023-1289

23.03.2023, 20:15

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
imagemagick	imagemagick	𝑥 < 7.1.1-0
fedoraproject	extra_packages_for_enterprise_linux	8.0
fedoraproject	extra_packages_for_enterprise_linux	9.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

imagemagick

bookworm	8:6.9.11.60+dfsg-1.6+deb12u2 fixed
bookworm (security)	8:6.9.11.60+dfsg-1.6+deb12u1 fixed
bullseye	8:6.9.11.60+dfsg-1.3+deb11u4 fixed
bullseye (security)	8:6.9.11.60+dfsg-1.3+deb11u3 fixed
sid	8:7.1.1.43+dfsg1-1 fixed
trixie	8:7.1.1.39+dfsg1-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

imagemagick

bionic	not-affected
focal	Fixed 8:6.9.10.23+dfsg-2.1ubuntu11.10 released
jammy	Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 released
kinetic	Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5 released
lunar	Fixed 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1 released
mantic	Fixed 8:6.9.11.60+dfsg-1.6ubuntu1 released
noble	Fixed 8:6.9.11.60+dfsg-1.6ubuntu1 released
oracular	Fixed 8:6.9.11.60+dfsg-1.6ubuntu1 released
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

ImageMagick

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise workstation 12 SP5	6.8.8.1-71.186.1 fixed

ImageMagick-config-6-SUSE

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP3	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed

ImageMagick-config-6-upstream

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP3	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed

ImageMagick-config-7-SUSE

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

ImageMagick-config-7-upstream

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP7	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP7	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP7	7.1.0.9-150400.6.15.1 fixed

ImageMagick-config-7-upstream-limited

suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

ImageMagick-config-7-upstream-open

suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

ImageMagick-config-7-upstream-secure

suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

ImageMagick-config-7-upstream-websafe

suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

ImageMagick-devel

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

libMagick++-6_Q16-3

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise workstation 12 SP5	6.8.8.1-71.186.1 fixed

libMagick++-7_Q16HDRI4

suse enterprise server 15 SP1

7.0.7.34-150000.3.123.1

fixed

libMagick++-7_Q16HDRI5

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

libMagick++-devel

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

libMagickCore-6_Q16-1

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP3	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed

libMagickCore-6_Q16-1-32bit

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise workstation 12 SP5	6.8.8.1-71.186.1 fixed

libMagickCore-7_Q16HDRI10

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

libMagickCore-7_Q16HDRI6

suse enterprise server 15 SP1

7.0.7.34-150000.3.123.1

fixed

libMagickWand-6_Q16-1

suse enterprise sap 12 SP5	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP3	6.8.8.1-71.186.1 fixed
suse enterprise server 12 SP5	6.8.8.1-71.186.1 fixed

libMagickWand-7_Q16HDRI10

suse enterprise desktop 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise desktop 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise desktop 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise sap 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.1.4 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.15.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.1.11 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.1.4 fixed

libMagickWand-7_Q16HDRI6

suse enterprise server 15 SP1

7.0.7.34-150000.3.123.1

fixed

perl-PerlMagick

suse enterprise server 15 SP1	7.0.7.34-150000.3.123.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.15.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2176858

https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr

https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html

https://bugzilla.redhat.com/show_bug.cgi?id=2176858

https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr

https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html