Mageia 2023-0136: imgagmagick security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0136 - Updated imgagmagick packages fix security vulnerability

Publication date: 11 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0136.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created
SVG file loads itself and causes a segmentation fault. This flaw allows a
remote attacker to pass a specially crafted SVG file that leads to a
segmentation fault, generating many trash files in "/tmp," resulting in a
denial of service. When ImageMagick crashes, it generates a lot of trash
files. These trash files can be large if the SVG file contains many render
actions. In a denial of service attack, if a remote attacker uploads an
SVG file of size t, ImageMagick generates files of size 103*t. If an
attacker uploads a 100M SVG, the server will generate about 10G.
(CVE-2023-1289)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31761
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014341.html
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289

SRPMS:
- 8/core/imagemagick-7.1.0.62-1.mga8
- 8/tainted/imagemagick-7.1.0.62-1.mga8.tainted

Mageia 2023-0136: imgagmagick security update

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault

Summary

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. (CVE-2023-1289)

References

- https://bugs.mageia.org/show_bug.cgi?id=31761

- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014341.html

- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289

Resolution

MGASA-2023-0136 - Updated imgagmagick packages fix security vulnerability

SRPMS

- 8/core/imagemagick-7.1.0.62-1.mga8

- 8/tainted/imagemagick-7.1.0.62-1.mga8.tainted

Severity
Publication date: 11 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0136.html
Type: security
CVE: CVE-2023-1289

Related News

PHP Vuln Threatens Confidentiality of Impacted Systems

10 Best Linux Vulnerability Scanners to Scan Linux Servers – 2023

Linux Kernel Use-After-Free Vuln Could lead to Privilege Escalation, Malware Attacks

Linux Kernel Logic Allowed Spectre Attack on 'Major Cloud Provider'

News

Advisories

HOWTOs

Features

Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation
Best Practices for PHP Security
Why Cloud Linux Is Beneficial for E-Commerce Stores

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy