CVE-2023-1289

Published: 23 March 2023

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Notes

Author: rodrigo-zaiden
Note: Vulnerability was added at some point in 6.9.x. It does
not reproduce in older versions. In Ubuntu it affects bionic and later.
Additional patches may be needed, some data structures are
not available in ImageMagick6, and there is no commit from upstream in
ImageMagick6.

Priority

Low

Cvss 3 Severity Score

5.5

Status

Package: imagemagick (Launchpad, Ubuntu, Debian)

Release Status
bionic Not vulnerable (code not present)
focal Released (8:6.9.10.23+dfsg-2.1ubuntu11.9)
jammy Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2), available with Ubuntu Pro
kinetic Released (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5)
lunar Released (8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1)
mantic Released (8:6.9.11.60+dfsg-1.6ubuntu1)
trusty Not vulnerable (code not present)
upstream Released (7.1.1-0)
xenial Not vulnerable (code not present)

Patches:
upstream: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H