Vulnerability details: VCID-nac1-r84b-9bha
Vulnerability ID VCID-nac1-r84b-9bha
Aliases CVE-2023-1906
Summary A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error that crashes the application, resulting in a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Weaknesses (3)
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
cvssv3.1 5.5 https://access.redhat.com/security/cve/CVE-2023-1906
ssvc Track https://access.redhat.com/security/cve/CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=2185714
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2185714
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
ssvc Track https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
ssvc Track https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
ssvc Track https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-1906
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
https://api.first.org/data/v1/epss?cve=CVE-2023-1906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5341
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1034373 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034373
6655G3GPS42WQM32DJHUCZALI2URQSCO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-1906 https://access.redhat.com/security/cve/CVE-2023-1906
CVE-2023-1906 https://nvd.nist.gov/vuln/detail/CVE-2023-1906
d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3 https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
e30c693b37c3b41723f1469d1226a2c814ca443d https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
GHSA-35q2-86c7-9247 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
show_bug.cgi?id=2185714 https://bugzilla.redhat.com/show_bug.cgi?id=2185714
USN-6200-1 https://usn.ubuntu.com/6200-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-1906
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://access.redhat.com/security/cve/CVE-2023-1906
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): high
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1906
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.04273
EPSS Score 0.00022
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:43.198013+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6200-1/ 37.0.0