First published: Wed Jun 28 2023(Updated: )
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | <7.1.1-19 | |
Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
Fedoraproject Fedora | ||
redhat/ImageMagick 7.1.1 | <19 | 19 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+ | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+ |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1 | 8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1 |
ubuntu/imagemagick | <8:6.9.11.60+dfsg-1.6ubuntu1 | 8:6.9.11.60+dfsg-1.6ubuntu1 |
debian/imagemagick | <=8:6.9.11.60+dfsg-1.3+deb11u2<=8:6.9.11.60+dfsg-1.6 | 8:6.9.10.23+dfsg-2.1+deb10u1 8:6.9.10.23+dfsg-2.1+deb10u7 8:6.9.11.60+dfsg-1.3+deb11u3 8:6.9.11.60+dfsg-1.6+deb12u1 8:6.9.12.98+dfsg1-5 8:6.9.12.98+dfsg1-5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this heap-based buffer overflow vulnerability is CVE-2023-3428.
You can find more information about this vulnerability in the references section of the vulnerability details.
The severity rating of CVE-2023-3428 is medium.
ImageMagick 7.1.1 and Fedora Project Extra Packages For Enterprise Linux 8.0 are affected by this vulnerability.
An attacker can trick the user into opening a specially crafted file, resulting in an application crash and denial of service.