Bugzilla – Bug 1209141
VUL-0: CVE-2023-1289: GraphicsMagick,ImageMagick: segmentation fault and possible DoS via specially crafted SVG
Last modified: 2024-05-06 08:24:22 UTC
A specially created SVG file can load itself and cause a segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file. It seems that this error affects a lot of websites and causes trash files to be generated in /tmp when uploading this PC file to the server. I think it's better to check the file descriptor coming from itself before executing read().

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1289
https://bugzilla.redhat.com/show_bug.cgi?id=2176858
https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
QA reproducer:

$ cat bad.svg
<!DOCTYPE test>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<image height="200" width="200" xlink:href="bad.svg" />
</svg>
$

The bad.svg is important, so the svg file includes itself.

However, you would have to build without rsvg delegate library to get the segmentation fault.
(In reply to Petr Gajdos from comment #11)
> QA reproducer:
>
> $ cat bad.svg
> <!DOCTYPE test>
> <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg"
> xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
> <image height="200" width="200" xlink:href="bad.svg" />
> </svg>
> $
>
> The bad.svg is important, so the svg file includes itself.
>
> However, you would have to build without rsvg delegate library to get the
> segmentation fault.

And uninstall/don't install ImageMagick-config-{6|7}-SUSE.
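A pre-processing check for the self-include condition in the reproducer above, as an added example (not code from ImageMagick or from anyone in this bug report): it follows local <image> references between SVG files and reports any chain that re-enters a file. The function names are assumptions, and it goes beyond the single-file case by also catching indirect cycles such as a.svg -> b.svg -> a.svg.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, unquote

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Sample input: the reproducer quoted in this bug report (bad.svg includes itself).
BAD_SVG = """<!DOCTYPE test>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<image height="200" width="200" xlink:href="bad.svg" />
</svg>
"""

def local_image_refs(svg_path):
    """Resolve the local files named by <image> elements in one SVG."""
    base = os.path.dirname(svg_path)
    refs = []
    for el in ET.parse(svg_path).getroot().iter():
        if el.tag.rsplit("}", 1)[-1] != "image":  # match with or without namespace
            continue
        url = urlparse(el.get(XLINK_HREF) or el.get("href") or "")
        if url.scheme in ("", "file") and url.path:  # skip data:, http(s):
            refs.append(os.path.realpath(os.path.join(base, unquote(url.path))))
    return refs

def find_include_cycle(svg_path, stack=(), done=None):
    """Return the chain of files that re-enters itself, or None if acyclic."""
    done = set() if done is None else done
    path = os.path.realpath(svg_path)
    if path in stack:
        return list(stack[stack.index(path):]) + [path]
    if path in done or not path.lower().endswith(".svg") or not os.path.isfile(path):
        return None
    for ref in local_image_refs(path):
        cycle = find_include_cycle(ref, stack + (path,), done)
        if cycle:
            return cycle
    done.add(path)  # fully explored, no cycle reachable from here
    return None

def demo():
    """Write the sample to a temp dir (constructed location) and scan it."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "bad.svg")
        with open(target, "w") as f:
            f.write(BAD_SVG)
        return [os.path.basename(p) for p in find_include_cycle(target)]
```

Malformed XML raises ET.ParseError here; an upload filter would normally treat that as a rejection too.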
Took https://github.com/ImageMagick/ImageMagick/commit/a3b0f6c0677e4db09236ccb0c934db7aef3cd52f

Tested with or without this fix with or without rsvg (except 11/ImageMagick). Works as expected.

Submitted for 15sp4,15sp2,15,12,11/ImageMagick.
I believe all fixed.
SUSE-SU-2023:1734-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1209141
CVE References: CVE-2023-1289
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ImageMagick-6.8.8.1-71.186.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ImageMagick-6.8.8.1-71.186.1
SUSE Linux Enterprise Server 12 SP5 (src): ImageMagick-6.8.8.1-71.186.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ImageMagick-6.8.8.1-71.186.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): ImageMagick-6.8.8.1-71.186.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:1733-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1209141
CVE References: CVE-2023-1289
Sources used:
openSUSE Leap 15.4 (src): ImageMagick-7.1.0.9-150400.6.15.1
Desktop Applications Module 15-SP4 (src): ImageMagick-7.1.0.9-150400.6.15.1
Development Tools Module 15-SP4 (src): ImageMagick-7.1.0.9-150400.6.15.1
SUSE-SU-2023:1756-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1209141
CVE References: CVE-2023-1289
Sources used:
openSUSE Leap 15.4 (src): ImageMagick-7.0.7.34-150200.10.45.1
SUSE Linux Enterprise Real Time 15 SP3 (src): ImageMagick-7.0.7.34-150200.10.45.1
This is an autogenerated message for OBS integration: This bug (1209141) was mentioned in https://build.opensuse.org/request/show/1112966 Factory / ImageMagick
SUSE-SU-2023:4634-1: An update that solves 24 vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1153866, 1181836, 1182325, 1182335, 1182336, 1182337, 1184624, 1184626, 1184627, 1184628, 1195563, 1197147, 1199350, 1200387, 1200388, 1200389, 1202250, 1202800, 1207982, 1207983, 1209141, 1211791, 1213624, 1214578, 1215939
CVE References: CVE-2019-17540, CVE-2020-21679, CVE-2021-20176, CVE-2021-20224, CVE-2021-20241, CVE-2021-20243, CVE-2021-20244, CVE-2021-20246, CVE-2021-20309, CVE-2021-20311, CVE-2021-20312, CVE-2021-20313, CVE-2022-0284, CVE-2022-2719, CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547, CVE-2022-44267, CVE-2022-44268, CVE-2023-1289, CVE-2023-34151, CVE-2023-3745, CVE-2023-5341
Sources used:
SUSE CaaS Platform 4.0 (src): ImageMagick-7.0.7.34-150000.3.123.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): ImageMagick-7.0.7.34-150000.3.123.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): ImageMagick-7.0.7.34-150000.3.123.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): ImageMagick-7.0.7.34-150000.3.123.1
done, closing