CVE-2023-34151Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound12 documents7 sources
Severity
5.5MEDIUMNVD
CNA7.8OSV7.8
EPSS
0.1%
top 78.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ImagemagickDebian LinuxFedoraproject Extra Packages FOR Enterprise Linux+2 more
Timeline
PublishedMay 30
Latest updateApr 16

Description

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDimagemagick/imagemagick< 7.1.1-11
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u3+3
Ubuntuimagemagick/imagemagick< 8:6.9.10.23+dfsg-2.1ubuntu11.9+6
CVEListV5imagemagick/imagemagickImageMagick-6.7

Also affects: Debian Linux 10.0, Fedora 37, 38, Enterprise Linux 6.0, 7.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
imagemagick regression2025-04-16
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
GHSA
GHSA-cm6m-2vvh-cxc6: A vulnerability was found in ImageMagick2023-05-31
CVEList
CVE-2023-34151: A vulnerability was found in ImageMagick2023-05-30

📋Vendor Advisories

5
Ubuntu
ImageMagick regression2025-04-16
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Red Hat
ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders2023-05-29
Debian
CVE-2023-34151: imagemagick - A vulnerability was found in ImageMagick. This security flaw ouccers as an undef...2023
CVE-2023-34151 — Integer Overflow or Wraparound | cvebase