CVE-2023-1906

CVSS V2 None CVSS V3 None

Description

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Overview

CVE ID
CVE-2023-1906

Assigner
secalert@redhat.com

Vulnerability Status
Analyzed

Published Version
2023-04-12T22:15:11

Last Modified Date
2023-04-21T15:18:44

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html
CWE-122	http://cwe.mitre.org/data/definitions/122.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:imagemagick:imagemagick::::::::	1	OR	6.9.12-84
cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:::::::*	1	OR
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*	1	OR
cpe:2.3:o:fedoraproject:fedora:37:::::::*	1	OR

References

Reference URL	Reference Tags
https://access.redhat.com/security/cve/CVE-2023-1906
https://bugzilla.redhat.com/show_bug.cgi?id=2185714
https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-1906
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1906

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:38:52				Added to TrackCVE
2023-04-17 04:38:54			Weakness Enumeration	new
2023-04-18 15:00:26	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-04-21 16:00:49		2023-04-21T15:18:44	CVE Modified Date	updated
2023-04-21 16:00:49	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-04-21 16:00:54			Weakness Enumeration	update
2023-04-21 16:00:54			CPE Information	updated