Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r3w4-3nkn-3uh7
Summary
Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references.

### Original Description
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Aliases
0
alias GHSA-gv85-xg33-553c
Fixed_packages
Affected_packages
0
url pkg:nuget/Magick.NET-Q16-AnyCPU@12.3.0
purl pkg:nuget/Magick.NET-Q16-AnyCPU@12.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6vvv-g1fm-4bdn
1
vulnerability VCID-r3w4-3nkn-3uh7
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Magick.NET-Q16-AnyCPU@12.3.0
References
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176858
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2176858
1
reference_url https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
2
reference_url https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1289
reference_id CVE-2023-1289
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1289
4
reference_url https://github.com/advisories/GHSA-gv85-xg33-553c
reference_id GHSA-gv85-xg33-553c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv85-xg33-553c
5
reference_url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
reference_id GHSA-j96m-mjp6-99xr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r3w4-3nkn-3uh7