CVE-2023-5349 — Missing Release of Memory after Effective Lifetime in Ruby-rmagick

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 90.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rmagick Debian Ruby-rmagick Fedoraproject Fedora

Timeline

PublishedOct 30

Latest updateAug 14

Description

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/ruby-rmagick< ruby-rmagick 2.16.0-7+deb11u1 (bullseye)

▶NVDrmagick/rmagick< 5.3.0

▶RubyGemsrmagick/rmagick< 5.3.0

Also affects: Fedora 37

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

memory leak flaw was found in ruby-magick↗2023-10-30

▶

OSV

CVE-2023-5349: A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick↗2023-10-30

▶

OSV

memory leak flaw was found in ruby-magick↗2023-10-30

▶

📋Vendor Advisories

Ubuntu

RMagick vulnerability↗2024-08-14

▶

Red Hat

rubygem-rmagick: Memory leak by Magick::Draw while calling GetDrawInfo()↗2023-07-07

▶

Debian

CVE-2023-5349: ruby-rmagick - A memory leak flaw was found in ruby-magick, an interface between Ruby and Image...↗2023

▶