VYPR
Unrated severity · NVD Advisory · Published Apr 12, 2023 · Updated Feb 10, 2025

CVE-2023-1906

Description

Heap-based buffer overflow in ImageMagick's ImportMultiSpectralQuantum() allows denial of service via crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow vulnerability exists in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker can trigger an out-of-bounds read by providing a specially crafted file to the convert utility. This issue affects versions prior to the fix, including those shipped in Fedora and EPEL-8 [1]. RHEL-6 and RHEL-7 are not affected as the vulnerable code is not present [1].

Exploitation

No authentication is required; the attacker only needs to convince a user to process a malicious file with ImageMagick. When the crafted file is parsed, ImportMultiSpectralQuantum() reads beyond the allocated heap buffer, leading to a crash.

Impact

Successful exploitation results in a denial of service (DoS) due to application crash. No code execution or privilege escalation has been reported; the impact is limited to availability loss.

Mitigation

The issue is fixed in commit d7a8bdd [4]. Users should update ImageMagick to a version containing this patch. Red Hat has acknowledged the issue for Fedora and EPEL-8; updates may be available through respective package managers [1]. No workarounds are documented.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 6

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"A heap-based buffer overflow occurs in the ImportMultiSpectralQuantum() function due to improper handling of input data."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted file to the `convert` utility. This crafted file will cause an out-of-bounds read error within the ImportMultiSpectralQuantum() function. This error can lead to an application crash, resulting in a denial of service.

Affected code

The vulnerability resides in the ImportMultiSpectralQuantum() function, located in the file MagickCore/quantum-import.c. This function is responsible for importing multi-spectral quantum data and is where the out-of-bounds read error is triggered.

What the fix does

The advisory indicates that the issue has been addressed in ImageMagick versions 6.9.12-84 and 7.1.1-6. Users are strongly advised to update their ImageMagick installations to these patched versions to mitigate the risk. The exact code changes are not detailed in the provided information, but updating to the specified versions is the recommended remediation.
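To make the bug class concrete, here is a constructed C example (added here; it is not ImageMagick's code, and the function names, the 16-bit big-endian sample layout and the `columns`/`channels` parameters are assumptions) showing an importer that trusts header-declared geometry beside one that validates it against the buffer length before reading:

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed illustration of the CVE-2023-1906 bug class (an out-of-bounds
 * read while importing multi-spectral samples from a heap buffer). This is
 * NOT ImageMagick's code: names, layout and sample format are assumptions.
 * `length` is the number of bytes actually read into `p`; `columns` and
 * `channels` come from the file header and are therefore untrusted. */

/* Vulnerable shape: trusts the header geometry and never compares it with
 * `length`, so a short file makes the loop read past the end of `p`. */
void import_multispectral_unchecked(const unsigned char *p, size_t columns,
                                    size_t channels, uint16_t *out)
{
    size_t samples = columns * channels;
    for (size_t i = 0; i < samples; i++)
        out[i] = (uint16_t)((p[2 * i] << 8) | p[2 * i + 1]);
}

/* Hardened shape: reject geometry that wraps size_t or exceeds the buffer
 * before reading. Returns pixels imported, or -1 on malformed input. */
long import_multispectral_checked(const unsigned char *p, size_t length,
                                  size_t columns, size_t channels,
                                  uint16_t *out)
{
    if (channels == 0 || columns > SIZE_MAX / channels)
        return -1;                  /* columns * channels would overflow */
    size_t samples = columns * channels;
    if (samples > length / 2)
        return -1;                  /* fewer bytes than 16-bit samples  */
    for (size_t i = 0; i < samples; i++)
        out[i] = (uint16_t)((p[2 * i] << 8) | p[2 * i + 1]); /* big-endian */
    return (long)columns;
}

/* Constructed 4-byte payload: 2 pixels x 1 channel x 16-bit samples. */
const unsigned char sample_input[4] = {0x12, 0x34, 0xAB, 0xCD};

/* Demo: a header claiming 3 columns for a 4-byte buffer must be rejected;
 * 2 columns must decode to 0x1234 and 0xABCD. Returns 1 on success. */
int demo_checks_pass(void)
{
    uint16_t out[2] = {0, 0};
    if (import_multispectral_checked(sample_input, 4, 3, 1, out) != -1)
        return 0;
    if (import_multispectral_checked(sample_input, 4, 2, 1, out) != 2)
        return 0;
    return out[0] == 0x1234 && out[1] == 0xABCD;
}
```

The checked variant rejects the mismatch between declared geometry and actual buffer size, which is the condition a crafted file exploits in the unchecked variant.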

Preconditions

  • Input: The attacker must be able to provide a specially crafted file to the ImageMagick `convert` utility.

Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
