CVE-2023-3428

2023-10-0419:15:10

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-3428

imagemagick

buffer overflow

coders/tiff.c

denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

10.3%

JSON

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Affected configurations

Nvd

Node

imagemagickimagemagickRange<7.1.1-19

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch-

VendorProductVersionCPE
imagemagickimagemagick*cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
fedoraprojectextra_packages_for_enterprise_linux8.0cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora-cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
imagemagick	imagemagick	*	cpe:2.3:a:imagemagick:imagemagick::::::::
fedoraproject	extra_packages_for_enterprise_linux	8.0	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
fedoraproject	fedora	-	cpe:2.3:o:fedoraproject:fedora:-:::::::*