Search for vulnerabilities
Vulnerability details: VCID-nac1-r84b-9bha
Vulnerability ID VCID-nac1-r84b-9bha
Aliases CVE-2023-1906
Summary A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-122 Heap-based Buffer Overflow
CWE-125 Out-of-bounds Read
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
cvssv3.1 5.5 https://access.redhat.com/security/cve/CVE-2023-1906
ssvc Track https://access.redhat.com/security/cve/CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-1906
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=2185714
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2185714
cvssv3.1 6.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
ssvc Track https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
ssvc Track https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
cvssv3.1 5.5 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
ssvc Track https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
cvssv3.1 5.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-1906
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
https://api.first.org/data/v1/epss?cve=CVE-2023-1906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5341
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1034373 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034373
6655G3GPS42WQM32DJHUCZALI2URQSCO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.1-4:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-1906 https://access.redhat.com/security/cve/CVE-2023-1906
CVE-2023-1906 https://nvd.nist.gov/vuln/detail/CVE-2023-1906
d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3 https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
e30c693b37c3b41723f1469d1226a2c814ca443d https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
GHSA-35q2-86c7-9247 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
show_bug.cgi?id=2185714 https://bugzilla.redhat.com/show_bug.cgi?id=2185714
USN-6200-1 https://usn.ubuntu.com/6200-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1906.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2023-1906
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://access.redhat.com/security/cve/CVE-2023-1906
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2185714
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T16:36:35Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1906
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.04273
EPSS Score 0.00022
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:43.198013+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6200-1/ 37.0.0