Memory Leak Affecting imagemagick package, versions *
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.05% (16th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU2204-IMAGEMAGICK-5838239
- published 11 Aug 2023
- disclosed 8 Aug 2023
Introduced: 8 Aug 2023
CVE-2023-39978 Open this link in a new tabHow to fix?
There is no fixed version for Ubuntu:22.04 imagemagick.
NVD Description
Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu.
See How to fix? for Ubuntu:22.04 relevant fixed versions and status.
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-39978
- https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12
- https://github.com/ImageMagick/ImageMagick6/compare/6.9.12-90...6.9.12-91
- https://github.com/rmagick/rmagick/pull/1406/files
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/