CVE-2023-34151

Published: May 30, 2023Modified: Dec 2, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

Affected (7)

Products: Imagemagick: Imagemagick · Fedoraproject: Extra Packages For Enterprise Linux, Fedora · Redhat: Enterprise Linux · +1 more

Show all products

Imagemagick: Imagemagick · Fedoraproject: Extra Packages For Enterprise Linux, Fedora · Redhat: Enterprise Linux · Debian: Debian Linux

Imagemagick

1 product

Imagemagick

Fedoraproject

2 products

Extra Packages For Enterprise Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 7.1.1-11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Extra Packages For Enterprise Linux	Version 8.0
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (12)

https://access.redhat.com/security/cve/CVE-2023-34151

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2210657

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/6341

Source: secalert@redhat.com

ExploitIssue TrackingPatch

https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/security/cve/CVE-2023-34151

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2210657

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/ImageMagick/ImageMagick/issues/6341

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatch

https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.