DEBIAN-CVE-2023-1289
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-1289
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-1289.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-1289
- Upstream
- Published
- 2023-03-23T20:15:14Z
- Modified
- 2025-09-19T07:33:11.475500Z
- Summary
- [none]
- Details
-
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
- References
Affected packages
Debian:11 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8:6.9.11.60+dfsg-1.3+deb11u3
Debian:12 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:13 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:14 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source