A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

An update of the ImageMagick package has been released.

The remote host is affected by the vulnerability described in GLSA-202405-02 (ImageMagick: Multiple Vulnerabilities)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads     to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-     accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File     Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of     service and information disclosure. (CVE-2022-0284)

  - A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel() function of quantum-private.h     file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to     ImageMagick for conversion, potentially leading to a denial of service. (CVE-2022-1115)

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in     MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This     was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF     file, it could lead to undefined behavior or a crash causing a denial of service. (CVE-2022-3213)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),     the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for     resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary     has permissions to read it). (CVE-2022-44268)

  - A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function     in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an     out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
    (CVE-2023-1906)

  - A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the     application crashing. (CVE-2023-2157)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A vulnerability was found in ImageMagick. This security flaw causes a shell command injection     vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. (CVE-2023-34153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5628 advisory.

  - A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in     ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which     can lead to a crash and segmentation fault. (CVE-2021-3610)

  - A heap-buffer-overflow flaw was found in ImageMagick's PushShortPixel() function of quantum-private.h     file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to     ImageMagick for conversion, potentially leading to a denial of service. (CVE-2022-1115)

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a     segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to     a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When     ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file     contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of     size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will     generate about 10G. (CVE-2023-1289)

  - A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function     in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an     out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
    (CVE-2023-1906)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow     a local attacker to trick the user into opening a specially crafted file, resulting in an application     crash and denial of service. (CVE-2023-3428)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3737 advisory.

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a     segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to     a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When     ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file     contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of     size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will     generate about 10G. (CVE-2023-1289)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in     Magick::Draw. (CVE-2023-39978)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6621-1 advisory.

    It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An     attacker could exploit this to cause a denial of service.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d23b0f5e76 advisory.

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

  - A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of     service via the identify -help command. (CVE-2022-48541)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6f8c1d9005 advisory.

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

  - A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of     service via the identify -help command. (CVE-2022-48541)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4634-1 advisory.

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote     attackers to cause a denial of service via converting of crafted image file to pcx format.
    (CVE-2020-21679)

  - A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an     attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through     a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)

  - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in     MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of     representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to     an undefined behaviour or a crash. (CVE-2021-20224)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed     by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat     from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file     that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is     processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The     highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in     WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file     submitted to an application using ImageMagick. The highest threat from this vulnerability is to system     availability. (CVE-2021-20309)

  - A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in     sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image     file that is submitted by an attacker processed by an application using ImageMagick. The highest threat     from this vulnerability is to system availability. (CVE-2021-20311)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of     coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an     attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is     to system availability. (CVE-2021-20312)

  - A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate     signatures in TransformSignature is possible. The highest threat from this vulnerability is to data     confidentiality. (CVE-2021-20313)

  - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-     accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File     Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of     service and information disclosure. (CVE-2022-0284)

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in     MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This     was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. (CVE-2022-28463)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)

  - A vulnerability was found in ImageMagick, causing an outside the range of representable values of type     'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative     impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and     for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted     input is processed by ImageMagick, this causes a negative impact to application availability or other     problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),     the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for     resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary     has permissions to read it). (CVE-2022-44268)

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a     segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to     a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When     ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file     contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of     size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will     generate about 10G. (CVE-2023-1289)

  - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting     double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-     private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file,     triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of     service. (CVE-2023-3745)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.30. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1856 advisory.

  - A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c.
    (CVE-2023-5341) (CVE-2023-5341)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-379 advisory.

    2024-06-06: CVE-2021-20309 was added to this advisory.

    A flaw was found in ImageMagick, where a division by zero in WaveImage() of MagickCore/visual-effects.c     may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The     highest threat from this vulnerability is to system availability. (CVE-2021-20309)

    A vulnerability was found in ImageMagick where heap use-after-free was found in coders/bmp.c.
    (CVE-2023-5341)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2289 advisory.

  - A use after free vulnerability exists in ImageMagick. This vulnerability occurs in coders/bmp.c file.
    (CVE-2023-5341)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4050-1 advisory.

  - A use after free vulnerability exists in ImageMagick. This vulnerability occurs in coders/bmp.c file.
    (CVE-2023-5341)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4049-1 advisory.

  - A use after free vulnerability exists in ImageMagick. This vulnerability occurs in coders/bmp.c file.
    (CVE-2023-5341)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:4008-1 advisory.

  - A use after free vulnerability exists in ImageMagick. This vulnerability occurs in coders/bmp.c file.
    (CVE-2023-5341)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Windows host has a version of ImageMagick installed that is prior to 7.1.1-19. It is, therefore, affected by a use-after-free vulnerability that can lead to a denial of service.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
204801	Photon OS 3.0: Imagemagick PHSA-2023-3.0-0697	Nessus	PhotonOS Local Security Checks	medium
204573	Photon OS 4.0: Imagemagick PHSA-2023-4.0-0524	Nessus	PhotonOS Local Security Checks	medium
203613	Photon OS 5.0: Imagemagick PHSA-2023-5.0-0164	Nessus	PhotonOS Local Security Checks	medium
194973	GLSA-202405-02 : ImageMagick: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
190896	Debian dsa-5628 : imagemagick - security update	Nessus	Debian Local Security Checks	high
190895	Debian dla-3737 : imagemagick - security update	Nessus	Debian Local Security Checks	medium
189915	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : ImageMagick vulnerability (USN-6621-1)	Nessus	Ubuntu Local Security Checks	medium
189384	Fedora 38 : ImageMagick (2024-d23b0f5e76)	Nessus	Fedora Local Security Checks	high
189310	Fedora 39 : ImageMagick (2024-6f8c1d9005)	Nessus	Fedora Local Security Checks	high
186519	SUSE SLES15 Security Update : ImageMagick (SUSE-SU-2023:4634-1)	Nessus	SuSE Local Security Checks	high
183851	Amazon Linux AMI : ImageMagick (ALAS-2023-1856)	Nessus	Amazon Linux Local Security Checks	medium
183827	Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2023-379)	Nessus	Amazon Linux Local Security Checks	high
183486	Amazon Linux 2 : ImageMagick (ALAS-2023-2289)	Nessus	Amazon Linux Local Security Checks	medium
183009	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:4050-1)	Nessus	SuSE Local Security Checks	medium
183006	SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2023:4049-1)	Nessus	SuSE Local Security Checks	medium
182799	openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:4008-1)	Nessus	SuSE Local Security Checks	medium
182680	ImageMagick < 7.1.1-19 Use-After-Free DoS	Nessus	Windows	medium

Detections

Analytics

CVE-2023-5341

medium

Tenable Plugins

medium

medium

medium

high

high

medium

medium

high

high

high

medium

high

medium

medium

medium

medium

medium