VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2rs9-njqj-aaag

Essentials
Severities (107)
References (25)
Severity details (28)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-2rs9-njqj-aaag
Aliases	CVE-2023-1906
Summary	A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-787	Out-of-bounds Write
CWE-122	Heap-based Buffer Overflow
CWE-125	Out-of-bounds Read

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
cvssv3.1	5.5	https://access.redhat.com/security/cve/CVE-2023-1906
cvssv3.1	5.5	https://access.redhat.com/security/cve/CVE-2023-1906
ssvc	Track	https://access.redhat.com/security/cve/CVE-2023-1906
ssvc	Track	https://access.redhat.com/security/cve/CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00078	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-1906
cvssv3.1	5.5	https://bugzilla.redhat.com/show_bug.cgi?id=2185714
cvssv3.1	5.5	https://bugzilla.redhat.com/show_bug.cgi?id=2185714
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2185714
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2185714
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
ssvc	Track	https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
ssvc	Track	https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
ssvc	Track	https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
ssvc	Track	https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
cvssv3.1	5.5	https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
ssvc	Track	https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
ssvc	Track	https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
cvssv3.1	5.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cvssv3.1	5.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2023-1906
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2023-1906

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
		https://access.redhat.com/security/cve/CVE-2023-1906
		https://api.first.org/data/v1/epss?cve=CVE-2023-1906
		https://bugzilla.redhat.com/show_bug.cgi?id=2185714
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1115
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1906
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34151
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3428
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5341
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
		https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
		https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
1034373		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034373
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
cpe:2.3:a:imagemagick:imagemagick::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick::::::::
cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
CVE-2023-1906		https://nvd.nist.gov/vuln/detail/CVE-2023-1906
GLSA-202405-02		https://security.gentoo.org/glsa/202405-02
USN-6200-1		https://usn.ubuntu.com/6200-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-1906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-1906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://access.redhat.com/security/cve/CVE-2023-1906

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.03477
EPSS Score	0.00022
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.