CVE-2023-5349

Exploit

EPSS 0.03%
Veröffentlicht 30.10.2023 21:15:07
Zuletzt bearbeitet 05.01.2026 19:15:55
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Draw while calling getdrawinfo()

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rmagick ≫ Rmagick SwPlatformruby Version < 5.3.0

Fedoraproject ≫ Fedora Version37

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
secalert@redhat.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://access.redhat.com/security/cve/CVE-2023-5349

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2247064

Third Party Advisory

Issue Tracking

https://github.com/rmagick/rmagick/issues/1401

Third Party Advisory

Exploit

Issue Tracking

https://github.com/rmagick/rmagick/pull/1406

Patch

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF/