CVE-2023-3428 — Heap-based Buffer Overflow in Imagemagick

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 94.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Fedoraproject Extra Packages FOR Enterprise Linux

Timeline

PublishedOct 4

Description

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDimagemagick/imagemagick< 7.1.1-19

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u3+3

▶NVDfedoraproject/extra_packages8.0

🔴Vulnerability Details

OSV

CVE-2023-3428: A heap-based buffer overflow vulnerability was found in coders/tiff↗2023-10-04

▶

CVEList

Imagemagick: heap-buffer-overflow in coders/tiff.c↗2023-10-04

▶

GHSA

GHSA-c2rg-gpv2-725v: A heap-based buffer overflow vulnerability was found in coders/tiff↗2023-10-04

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2023-07-04

▶

Red Hat

ImageMagick: heap-buffer-overflow in coders/tiff.c↗2023-06-27

▶

Debian

CVE-2023-3428: imagemagick - A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageM...↗2023

▶