CVE-2023-5349

NameCVE-2023-5349
DescriptionA memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3625-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-rmagick (PTS)buster2.16.0-6vulnerable
buster (security)2.16.0-6+deb10u1fixed
bullseye2.16.0-7vulnerable
bookworm4.2.3-2vulnerable
sid, trixie5.3.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-rmagicksourcebuster2.16.0-6+deb10u1DLA-3625-1
ruby-rmagicksource(unstable)5.3.0-1

Notes

[bookworm] - ruby-rmagick <no-dsa> (Minor issue)
[bullseye] - ruby-rmagick <no-dsa> (Minor issue)
https://github.com/rmagick/rmagick/pull/1406
https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0)
Search for package or bug name: Reporting problems