A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
2023-03-23T20:15:14.393
2024-11-21T07:38:50.907
Modified
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | imagemagick | imagemagick | < 7.1.1-0 | Yes |
| Application | fedoraproject | extra_packages_for_enterprise_linux | 8.0 | Yes |
| Application | fedoraproject | extra_packages_for_enterprise_linux | 9.0 | Yes |
| Operating System | fedoraproject | fedora | 36 | Yes |
| Operating System | fedoraproject | fedora | 37 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |