GHSA-gv85-xg33-553c

Suggest an improvement
Source
https://github.com/advisories/GHSA-gv85-xg33-553c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gv85-xg33-553c/GHSA-gv85-xg33-553c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gv85-xg33-553c
Related
Withdrawn
2026-03-12T20:29:55Z
Published
2023-03-23T21:30:20Z
Modified
2026-03-14T06:58:52.593820Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Duplicate Advisory: ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-j96m-mjp6-99xr. This link is maintained to preserve external references.

Original Description

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T20:29:55Z",
    "severity": "MODERATE",
    "nvd_published_at": "2023-03-23T20:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

NuGet / Magick.NET-Q16-AnyCPU

Package

Name
Magick.NET-Q16-AnyCPU
View open source insights on deps.dev
Purl
pkg:nuget/Magick.NET-Q16-AnyCPU

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.0.0

Affected versions

6.*
6.8.8.1001
6.8.9.1
6.8.9.2
6.8.9.101
6.8.9.401
6.8.9.501
6.8.9.601
7.*
7.0.0.1
7.0.0.2
7.0.0.3
7.0.0.4
7.0.0.5
7.0.0.6
7.0.0.7
7.0.0.8
7.0.0.9
7.0.0.10
7.0.0.11
7.0.0.12
7.0.0.13
7.0.0.14
7.0.0.15
7.0.0.16
7.0.0.17
7.0.0.18
7.0.0.19
7.0.0.20
7.0.0.21
7.0.0.22
7.0.0.101
7.0.0.102
7.0.0.103
7.0.0.104
7.0.1
7.0.1.100
7.0.1.101
7.0.1.500
7.0.2.100
7.0.2.400
7.0.2.600
7.0.2.900
7.0.2.901
7.0.2.902
7.0.3
7.0.3.1
7.0.3.300
7.0.3.500
7.0.3.501
7.0.3.502
7.0.3.901
7.0.3.902
7.0.4.100
7.0.4.400
7.0.4.700
7.0.4.701
7.0.5.500
7.0.5.501
7.0.5.502
7.0.5.800
7.0.5.900
7.0.6
7.0.6.100
7.0.6.101
7.0.6.102
7.0.6.600
7.0.6.601
7.0.6.1000
7.0.6.1001
7.0.6.1002
7.0.7
7.0.7.300
7.0.7.700
7.0.7.900
7.1.0
7.2.0
7.2.1
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.5.0
7.5.0.1
7.6.0
7.6.0.1
7.7.0
7.8.0
7.9.0
7.9.0.1
7.9.0.2
7.9.1
7.9.2
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.12.0
7.13.0
7.13.1
7.14.0
7.14.0.1
7.14.0.2
7.14.0.3
7.14.1
7.14.2
7.14.3
7.14.4
7.14.5
7.15.0
7.15.0.1
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.16.0
7.16.1
7.17.0
7.17.0.1
7.18.0
7.19.0
7.19.0.1
7.20.0
7.20.0.1
7.21.0
7.21.1
7.22.0
7.22.1
7.22.2
7.22.2.1
7.22.2.2
7.22.3
7.23.0
7.23.1
7.23.2
7.23.2.1
7.23.3
7.23.4
7.24.0
7.24.1
8.*
8.0.0
8.0.1
8.1.0
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.5.0
8.6.0
8.6.1
9.*
9.0.0
9.1.0
9.1.1
9.1.2
10.*
10.0.0
10.1.0
11.*
11.0.0
11.1.0
11.1.1
11.1.2
11.2.0
11.2.1
11.3.0
12.*
12.0.0
12.0.1
12.1.0
12.2.0
12.2.1
12.2.2
12.3.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gv85-xg33-553c/GHSA-gv85-xg33-553c.json"
last_known_affected_version_range 
"<= 12.3.0"