CVE-2023-39978

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

08/08/2023

Last modified:

30/11/2023

Description

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 3.30 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

3.30

Severity 3.x

LOW

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:imagemagick:imagemagick::::::::		6.9.12-91 (excluding)
cpe:2.3:o:fedoraproject:fedora:37:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12
https://github.com/ImageMagick/ImageMagick6/compare/6.9.12-90...6.9.12-91
https://github.com/rmagick/rmagick/pull/1406/files
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/