Lucene search

Veracode Vulnerability DatabaseVERACODE:41061

HistoryJun 28, 2023 - 10:51 a.m.

Denial Of Service (DoS)

2023-06-2810:51:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

imagemagick

tiff.c

buffer overflow

vulnerability

application crash

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.2%

JSON

ImageMagick is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a stack-based buffer overflow in tiff.c which allows an attacker to cause an application crash.

References

access.redhat.com/security/cve/CVE-2023-3195

bugzilla.redhat.com/show_bug.cgi?id=2214141

github.com/advisories/GHSA-4f76-c3p6-5cgx

github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c

github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

lists.fedoraproject.org/archives/list/[email protected]/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/

lists.fedoraproject.org/archives/list/[email protected]/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

www.openwall.com/lists/oss-security/2023/05/29/1

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.2%

JSON

Related for VERACODE:41061