A specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file. It seems that this error affects a lot of websites and causes a generating trash files in /tmp when uploading this PC file to the server. I think it's better to check the file descriptor coming from itself before executing read(). Refeners: Security issues: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr Fix commit: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4
Created ImageMagick tracking bugs for this issue: Affects: epel-8 [bug 2176860] Affects: fedora-36 [bug 2176861] Affects: fedora-37 [bug 2176863]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-1289