vulnerability
Ubuntu: (Multiple Advisories) (CVE-2023-1906): ImageMagick vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:N/A:C) | Apr 12, 2023 | Jul 5, 2023 | Jan 30, 2025 |
Severity
5
CVSS
(AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published
Apr 12, 2023
Added
Jul 5, 2023
Modified
Jan 30, 2025
Description
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Solution(s)
ubuntu-pro-upgrade-imagemagickubuntu-pro-upgrade-imagemagick-6-commonubuntu-pro-upgrade-imagemagick-6-q16ubuntu-pro-upgrade-imagemagick-6-q16hdriubuntu-pro-upgrade-imagemagick-commonubuntu-pro-upgrade-libimage-magick-perlubuntu-pro-upgrade-libimage-magick-q16-perlubuntu-pro-upgrade-libmagick-6-q16-5v5ubuntu-pro-upgrade-libmagick-6-q16-7ubuntu-pro-upgrade-libmagick-6-q16-8ubuntu-pro-upgrade-libmagick-6-q16-devubuntu-pro-upgrade-libmagick-6-q16hdri-7ubuntu-pro-upgrade-libmagick-6-q16hdri-8ubuntu-pro-upgrade-libmagick-6-q16hdri-devubuntu-pro-upgrade-libmagick-devubuntu-pro-upgrade-libmagickcore-6-headersubuntu-pro-upgrade-libmagickcore-6-q16-2ubuntu-pro-upgrade-libmagickcore-6-q16-3ubuntu-pro-upgrade-libmagickcore-6-q16-6ubuntu-pro-upgrade-libmagickcore-6-q16-devubuntu-pro-upgrade-libmagickcore-6-q16hdri-3ubuntu-pro-upgrade-libmagickcore-6-q16hdri-6ubuntu-pro-upgrade-libmagickcore-devubuntu-pro-upgrade-libmagickwand-6-q16-2ubuntu-pro-upgrade-libmagickwand-6-q16-3ubuntu-pro-upgrade-libmagickwand-6-q16-6ubuntu-pro-upgrade-libmagickwand-6-q16-devubuntu-pro-upgrade-libmagickwand-devubuntu-pro-upgrade-perlmagick
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.