cve/2023/CVE-2023-1289.md

### [CVE-2023-1289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289)
![](https://img.shields.io/static/v1?label=Product&message=ImageMagick&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20-%20Improper%20Input%20Validation&color=brighgreen)

### Description

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

### POC

#### Reference
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-1289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289)`
			`![](https://img.shields.io/static/v1?label=Product&message=ImageMagick&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20-%20Improper%20Input%20Validation&color=brighgreen)`

			`### Description`

			A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

			`### POC`

			`#### Reference`
			`- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`