GHSA-frgf-8jr5-j2jv

Source

https://github.com/advisories/GHSA-frgf-8jr5-j2jv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-frgf-8jr5-j2jv/GHSA-frgf-8jr5-j2jv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-frgf-8jr5-j2jv

Aliases

CVE-2023-5349

Published

2023-10-30T21:33:39Z

Modified

2025-11-04T22:29:46.164617Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

memory leak flaw was found in ruby-magick

Details

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400",
        "CWE-401"
    ],
    "nvd_published_at": "2023-10-30T21:15:07Z",
    "github_reviewed_at": "2023-10-31T19:41:15Z"
}

References

Affected packages

RubyGems / rmagick

Package

Name: rmagick
Purl: pkg:gem/rmagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.0

Affected versions

1.*

1.7.1

1.7.2

1.7.3

1.7.4

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

1.9.2

1.9.3

1.10.0

1.10.1

1.11.0

1.11.1

1.12.0

1.13.0

1.14.0

1.14.1

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.15.6

1.15.7

1.15.8

1.15.9

1.15.10

1.15.11

1.15.12

1.15.13

1.15.14

1.15.15

1.15.16

1.15.17

2.*

2.0.0

2.1.0

2.2.0

2.2.2

2.3.0

2.4.0

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.9.0

2.9.1

2.9.2

2.10.0

2.11.0

2.11.1

2.12.0

2.12.1

2.12.2

2.13.1

2.13.2

2.13.3.rc1

2.13.3

2.13.4

2.14.0

2.15.0

2.15.1

2.15.2

2.15.3

2.15.4

2.16.0

3.*

3.0.0

3.1.0

3.2.0

4.*

4.0.0

4.1.0.rc1

4.1.0.rc2

4.1.0

4.1.1

4.1.2

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.3.0

5.*

5.0.0

5.1.0

5.2.0