Alerts This Week
Warning Icon 1 1,495
Alerts This Week
Warning Icon 1 1,495

Debian LTS: DLA-3737-1 Critical: Imagemagick Segmentation Fault DoS

debian lts
Calendar Grey February 22, 2024
Dist Debian Esm H88
The recent Debian LTS security patch DLA-3741-2 mitigates issues found in OpenSSL that compromise secure communications.
Imagemagick a graphical software suite for displaying, creating and modifying images was vulnerable

Summary

CVE-2023-1289

A vulnerability was discovered
in ImageMagick where a specially created SVG file
loads itself and causes a segmentation fault.
This flaw allows a remote attacker to pass a
specially crafted SVG file that leads to a segmentation
fault, generating many trash files in "/tmp," resulting in
a denial of service. When ImageMagick crashes, it generates
a lot of trash files. These trash files can be large if the
SVG file contains many render actions.

CVE-2023-5341

A heap use-after-free flaw was found in coders/bmp.c

CVE-2023-34151

A vulnerability was found in ImageMagick,
due to undefined behaviors of casting double to size_t in
svg, mvg and other coders

Moreover a few potential security problems were fixed in the
TIFF coders like for instance memory leaks. These issues were
unfortunatly CVE less. CVE-2023-39978 (a deny of service)
was also fixed by being introduced by partial fixes
of these problems.

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: imagemagick
Version: 8:6.9.10.23+dfsg-2.1+deb10u6
CVE ID: CVE-2023-1289 CVE-2023-5341 CVE-2023-34151

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here