Moderate severity · NVD Advisory · Published Oct 30, 2023 · Updated Jan 5, 2026
Draw while calling getdrawinfo()
CVE-2023-5349
Description
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rmagick (RubyGems) | < 5.3.0 | 5.3.0 |
Affected products
- cpe:/a:redhat:red_hat_3scale_amp:2
- Fedora/Fedorav5
References
- github.com/advisories/GHSA-frgf-8jr5-j2jv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-5349 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2023-5349 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)
- github.com/rmagick/rmagick/commit/02f37ca0d6c2b8fff316e0668efa690f5c90a429 (ghsa, WEB)
- github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (ghsa, WEB)
- github.com/rmagick/rmagick/issues/1401 (ghsa, WEB)
- github.com/rmagick/rmagick/pull/1406 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rmagick/CVE-2023-5349.yml (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2023/10/msg00030.html (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2026/01/msg00003.html (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF/ (mitre)