First published: Tue Jul 18 2023
A heap-based buffer overflow was found in ImageMagick's PushCharPixel() function in quantum-private.h. A local attacker who tricks a user into opening a specially crafted file may trigger an out-of-bounds read that crashes the application, resulting in a denial of service.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick ImageMagick | >=6.0, <6.9-11-0 | |
ImageMagick ImageMagick | >=7.0.0-0, <7.0.10-0 | |
redhat/ImageMagick6 6.9.11 | <0 | 0 |
redhat/ImageMagick 7.0.10 | <0 | 0 |
The vulnerability ID for this issue is CVE-2023-3745.
The severity level of CVE-2023-3745 is medium.
The affected software for CVE-2023-3745 is ImageMagick6 6.9.11 and ImageMagick 7.0.10.
A local attacker can exploit CVE-2023-3745 by tricking the user into opening a specially crafted file, causing an out-of-bounds read error and crashing the application.
There are no known remedies for CVE-2023-3745 at the moment.