CVE-2023-1906

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-122
View all →

Vulnerability Description

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Related Vulnerabilities

CVE-2019-14814

MEDIUM
CVSS:5.5(Medium)

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system cra...

CWE-1222019

CVE-2019-14816

MEDIUM
CVSS:5.5(Medium)

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or...

CWE-1222019

CVE-2020-25665

MEDIUM
CVSS:5.5(Medium)

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in...

CWE-1222020

CVE-2020-25667

MEDIUM
CVSS:5.5(Medium)

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a craf...

CWE-1222020

CVE-2020-25674

MEDIUM
CVSS:5.5(Medium)

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible fo...

CWE-1222020

CVE-2020-27829

MEDIUM
CVSS:5.5(Medium)

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

CWE-1222020