CVE-2023-1906

Summary

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aImageMagickFixed in ImageMagick v6.9.12-84, v 7.1.1-6.affected

Weaknesses

  • CWE-122: CWE-122 - Heap-based Buffer Overflow, CWE-125 - Out-of-bounds Read.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References