vulnerability

Ubuntu: (Multiple Advisories) (CVE-2023-1289): ImageMagick vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:M/Au:N/C:N/I:N/A:C)	Mar 23, 2023	Jul 5, 2023	Apr 16, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:N/A:C)

Published

Mar 23, 2023

Added

Jul 5, 2023

Modified

Apr 16, 2026

Description

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Solutions

ubuntu-pro-upgrade-imagemagickubuntu-pro-upgrade-imagemagick-6-commonubuntu-pro-upgrade-imagemagick-6-q16ubuntu-pro-upgrade-imagemagick-6-q16hdriubuntu-pro-upgrade-imagemagick-commonubuntu-pro-upgrade-libimage-magick-perlubuntu-pro-upgrade-libimage-magick-q16-perlubuntu-pro-upgrade-libmagick-6-q16-5v5ubuntu-pro-upgrade-libmagick-6-q16-7ubuntu-pro-upgrade-libmagick-6-q16-8ubuntu-pro-upgrade-libmagick-6-q16-devubuntu-pro-upgrade-libmagick-6-q16hdri-7ubuntu-pro-upgrade-libmagick-6-q16hdri-8ubuntu-pro-upgrade-libmagick-6-q16hdri-devubuntu-pro-upgrade-libmagick-devubuntu-pro-upgrade-libmagickcore-6-headersubuntu-pro-upgrade-libmagickcore-6-q16-2ubuntu-pro-upgrade-libmagickcore-6-q16-3ubuntu-pro-upgrade-libmagickcore-6-q16-6ubuntu-pro-upgrade-libmagickcore-6-q16-devubuntu-pro-upgrade-libmagickcore-6-q16hdri-3ubuntu-pro-upgrade-libmagickcore-6-q16hdri-6ubuntu-pro-upgrade-libmagickcore-devubuntu-pro-upgrade-libmagickwand-6-q16-2ubuntu-pro-upgrade-libmagickwand-6-q16-3ubuntu-pro-upgrade-libmagickwand-6-q16-6ubuntu-pro-upgrade-libmagickwand-6-q16-devubuntu-pro-upgrade-libmagickwand-devubuntu-pro-upgrade-perlmagickubuntu-upgrade-imagemagickubuntu-upgrade-imagemagick-6-commonubuntu-upgrade-imagemagick-6-q16ubuntu-upgrade-imagemagick-6-q16hdriubuntu-upgrade-imagemagick-commonubuntu-upgrade-libimage-magick-perlubuntu-upgrade-libimage-magick-q16-perlubuntu-upgrade-libimage-magick-q16hdri-perlubuntu-upgrade-libmagick-6-headersubuntu-upgrade-libmagick-6-q16-8ubuntu-upgrade-libmagick-6-q16-devubuntu-upgrade-libmagick-6-q16hdri-8ubuntu-upgrade-libmagick-6-q16hdri-devubuntu-upgrade-libmagick-devubuntu-upgrade-libmagickcore-6-headersubuntu-upgrade-libmagickcore-6-q16-6ubuntu-upgrade-libmagickcore-6-q16-devubuntu-upgrade-libmagickcore-6-q16hdri-6ubuntu-upgrade-libmagickcore-6-q16hdri-devubuntu-upgrade-libmagickcore-devubuntu-upgrade-libmagickwand-6-headersubuntu-upgrade-libmagickwand-6-q16-6ubuntu-upgrade-libmagickwand-6-q16-devubuntu-upgrade-libmagickwand-6-q16hdri-6ubuntu-upgrade-libmagickwand-6-q16hdri-devubuntu-upgrade-libmagickwand-devubuntu-upgrade-perlmagick

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report