A vulnerability (CVE-2023-1289) was recently discovered in ImageMagick, a popular software suite used for displaying, converting, and editing raster image and vector image files. This vulnerability allows a remote attacker to cause a segmentation fault, generating many trash files in the "/tmp" directory, leading to a denial of service.

Exploit Details

The vulnerability lies in ImageMagick's handling of SVG files: a specially crafted SVG file that references itself as an embedded image causes a segmentation fault when ImageMagick tries to load it. A remote attacker who can pass such an SVG file to ImageMagick can therefore trigger a crash.

When ImageMagick crashes this way, it leaves behind a significant number of trash files. These files can be very large, especially if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size 't', ImageMagick generates files of size 103*t. For example, if an attacker uploads a 100M SVG file, the server will generate approximately 10G of trash files.

To demonstrate the exploit, consider the following simple SVG file:

<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" version="1.1"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="100%" height="100%"
     viewBox="0 0 100 100" preserveAspectRatio="xMidYMid meet">
  <image xlink:href="/tmp/evil.svg" x="0" y="0" width="100" height="100"/>
</svg>

The SVG file above, saved as '/tmp/evil.svg', references itself through its <image> element. Loading it leads to the segmentation fault described earlier.

Original References

1. ImageMagick's official GitHub repository: https://github.com/ImageMagick/ImageMagick
2. The ImageMagick vulnerability issue on the GitHub repository: https://github.com/ImageMagick/ImageMagick/issues/1289
3. The official CVE report: https://nvd.nist.gov/vuln/detail/CVE-2023-1289

Mitigation

Users are encouraged to update their ImageMagick version to the latest available release to mitigate this vulnerability. In addition, users can limit the maximum size of images processed by ImageMagick, which could minimize the attack surface for denial of service attacks.
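The size limit mentioned above is applied through ImageMagick's security policy file (policy.xml). The fragment below is an added example, not taken from this page or from ImageMagick's shipped defaults; the limit values and the temporary path are assumptions to be tuned per deployment. The disk and temporary-path entries are the ones that bound the leftover files described in this advisory.

```xml
<!-- Added example of resource limits for ImageMagick's policy.xml
     (commonly /etc/ImageMagick-7/policy.xml; the path varies by build).
     All values below are assumptions, not vendor defaults. -->
<policymap>
  <!-- Refuse images whose declared dimensions exceed these bounds,
       so a small SVG cannot request an enormous render canvas. -->
  <policy domain="resource" name="width"  value="16KP"/>
  <policy domain="resource" name="height" value="16KP"/>
  <policy domain="resource" name="area"   value="128MB"/>

  <!-- Cap pixel-cache memory, then cap the disk spill-over that follows.
       The disk limit bounds how much scratch data a failed render can
       leave behind under the temporary path. -->
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="map"    value="512MiB"/>
  <policy domain="resource" name="disk"   value="1GiB"/>

  <!-- Keep scratch files on a dedicated, quota-limited filesystem
       instead of the shared /tmp directory. -->
  <policy domain="resource" name="temporary-path" value="/var/lib/imagemagick/tmp"/>

  <!-- Bound wall-clock time per operation, in seconds. -->
  <policy domain="resource" name="time" value="120"/>
</policymap>
```

After editing the file, confirm the limits ImageMagick actually applies with `identify -list resource` and `identify -list policy`.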

In Conclusion

The CVE-2023-1289 vulnerability in ImageMagick shows how a seemingly harmless file format such as SVG can lead to severe issues like denial of service. Users are strongly advised to keep their software up-to-date to avoid such problems. By paying attention to security best practices, we can limit the potential impact of vulnerabilities on our systems.

Timeline

Published on: 03/23/2023 20:15:00 UTC
Last modified on: 03/30/2023 15:07:00 UTC