Vulnerability details: VCID-awsg-gwr1-9ubp
Vulnerability ID VCID-awsg-gwr1-9ubp
Aliases CVE-2023-5341
Summary A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
System Score Found at
cvssv3 6.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5341.json
cvssv3.1 6.2 https://access.redhat.com/security/cve/CVE-2023-5341
ssvc Track* https://access.redhat.com/security/cve/CVE-2023-5341
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2023-5341
cvssv3.1 6.2 https://bugzilla.redhat.com/show_bug.cgi?id=2241774
ssvc Track* https://bugzilla.redhat.com/show_bug.cgi?id=2241774
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.2 https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
ssvc Track* https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-5341
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5341.json
https://api.first.org/data/v1/epss?cve=CVE-2023-5341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5341
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/
aa673b2e4defc7cad5bec16c4fc8324f71e531f1 https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
CVE-2023-5341 https://access.redhat.com/security/cve/CVE-2023-5341
CVE-2023-5341 https://nvd.nist.gov/vuln/detail/CVE-2023-5341
show_bug.cgi?id=2241774 https://bugzilla.redhat.com/show_bug.cgi?id=2241774
USN-6621-1 https://usn.ubuntu.com/6621-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5341.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-5341
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-02T20:55:18Z/ Found at https://access.redhat.com/security/cve/CVE-2023-5341
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2241774
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-02T20:55:18Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2241774
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-02T20:55:18Z/ Found at https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5341
Exploit Prediction Scoring System (EPSS)
Percentile 0.08899
EPSS Score 0.00036
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:38.116077+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6621-1/ 37.0.0