First published: Mon May 29 2023(Updated: )
A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to size_t in svg, mvg and other coders.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <7.1.1.11 | |
Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
ImageMagick ImageMagick | <7.1.1-11 | |
Debian Debian Linux | =10.0 | |
debian/imagemagick | 8:6.9.11.60+dfsg-1.3+deb11u4 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u2 8:6.9.11.60+dfsg-1.6+deb12u1 8:7.1.1.39+dfsg1-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-34151 is medium.
The vulnerability in ImageMagick occurs as undefined behavior of casting double to size_t in svg, mvg, and other coders.
ImageMagick versions up to 7.1.1.11, Fedoraproject Extra Packages For Enterprise Linux 8.0, Fedoraproject Fedora 37 and 38, Redhat Enterprise Linux 6.0 and 7.0 are affected by CVE-2023-34151.
You can find more information about CVE-2023-34151 on the CVE website (https://www.cve.org/CVERecord?id=CVE-2023-34151) and the NVD website (https://nvd.nist.gov/vuln/detail/CVE-2023-34151).
To fix the vulnerability in ImageMagick, it is recommended to update to a version that includes the security patch.