发布于3月6日3月6日 Members SUSE: CVE-2023-1289: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/23/2023 Created 05/05/2023 Added 04/04/2023 Modified 01/28/2025 Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. Solution(s) suse-upgrade-imagemagick suse-upgrade-imagemagick-config-6-suse suse-upgrade-imagemagick-config-6-upstream suse-upgrade-imagemagick-config-7-suse suse-upgrade-imagemagick-config-7-upstream suse-upgrade-imagemagick-devel suse-upgrade-imagemagick-devel-32bit suse-upgrade-imagemagick-doc suse-upgrade-imagemagick-extra suse-upgrade-libmagick-6_q16-3 suse-upgrade-libmagick-7_q16hdri4 suse-upgrade-libmagick-7_q16hdri4-32bit suse-upgrade-libmagick-7_q16hdri5 suse-upgrade-libmagick-7_q16hdri5-32bit suse-upgrade-libmagick-devel suse-upgrade-libmagick-devel-32bit suse-upgrade-libmagickcore-6_q16-1 suse-upgrade-libmagickcore-6_q16-1-32bit suse-upgrade-libmagickcore-7_q16hdri10 suse-upgrade-libmagickcore-7_q16hdri10-32bit suse-upgrade-libmagickcore-7_q16hdri6 suse-upgrade-libmagickcore-7_q16hdri6-32bit suse-upgrade-libmagickwand-6_q16-1 suse-upgrade-libmagickwand-7_q16hdri10 suse-upgrade-libmagickwand-7_q16hdri10-32bit suse-upgrade-libmagickwand-7_q16hdri6 suse-upgrade-libmagickwand-7_q16hdri6-32bit suse-upgrade-perl-perlmagick References https://attackerkb.com/topics/cve-2023-1289 CVE - 2023-1289
