A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "imagemagick-common": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libimage-magick-q16-perl": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16hdri-6-extra-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libimage-magick-q16hdri-perl": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16-8-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6-common": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6.q16hdri-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libimage-magick-perl": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16hdri-6": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16hdri-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6.q16-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16-6-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16-6-extra-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6-doc": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "perlmagick": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16hdri-8-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libimage-magick-q16-perl-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16hdri-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6-headers": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16-6": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6-headers": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6-headers": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16hdri-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16hdri-6-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16hdri-6-extra": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16hdri-6": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-doc": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16-6-extra": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16-8": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16hdri-8": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6-arch-config": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6.q16": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagick++-6.q16-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickwand-6.q16-6": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "imagemagick-6.q16hdri": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16hdri-6-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-6.q16-6-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libimage-magick-q16hdri-perl-dbgsym": "8:6.9.10.23+dfsg-2.1ubuntu11.10", "libmagickcore-dev": "8:6.9.10.23+dfsg-2.1ubuntu11.10" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "imagemagick-common": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libimage-magick-q16-perl": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16hdri-6-extra-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libimage-magick-q16hdri-perl": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16-8-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6-common": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6.q16hdri-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libimage-magick-perl": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16hdri-6": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6.q16-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16-6-extra-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6-doc": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "perlmagick": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16hdri-8-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libimage-magick-q16-perl-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6-headers": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16-6": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6-headers": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6-headers": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16hdri-6-extra": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16hdri-6": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-doc": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16-6-extra": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16-8": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16hdri-8": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6-arch-config": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6.q16": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagick++-6.q16-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickwand-6.q16-6": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "imagemagick-6.q16hdri": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libimage-magick-q16hdri-perl-dbgsym": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5", "libmagickcore-dev": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "imagemagick-common": "8:6.9.11.60+dfsg-1.6ubuntu1", "libimage-magick-q16-perl": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16hdri-6-extra-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libimage-magick-q16hdri-perl": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16-8-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6-common": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6.q16hdri-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libimage-magick-perl": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16hdri-6": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6.q16-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16-6-extra-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6-doc": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "perlmagick": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16hdri-8-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libimage-magick-q16-perl-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6-headers": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16-6": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6-headers": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6-headers": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16hdri-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16hdri-6-extra": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16hdri-6": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-doc": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16-6-extra": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16-8": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16hdri-8": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6-arch-config": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6.q16": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagick++-6.q16-dev": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickwand-6.q16-6": "8:6.9.11.60+dfsg-1.6ubuntu1", "imagemagick-6.q16hdri": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16hdri-6-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-6.q16-6-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libimage-magick-q16hdri-perl-dbgsym": "8:6.9.11.60+dfsg-1.6ubuntu1", "libmagickcore-dev": "8:6.9.11.60+dfsg-1.6ubuntu1" } ] }