CVE Catalog

CVE-2023-39978

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

Risk Assessment

Attackers can exploit this vulnerability to exhaust memory resources, potentially leading to service unavailability for applications using ImageMagick.

Recommendation

It is recommended to upgrade ImageMagick to version 6.9.12-91 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS