
CVE-2023-3195

Published: 16 Jun 2023
Source: debian
EPSS: Low

Description

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| imagemagick | fixed | 8:6.9.12.98+dfsg1-2 | | package |
| imagemagick | not-affected | | bookworm | package |
| imagemagick | not-affected | | bullseye | package |
| imagemagick | not-affected | | buster | package |

Notes

  • https://www.openwall.com/lists/oss-security/2023/05/29/1

  • ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26)

  • ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c (7.1.0-11)

  • Introduced by: https://github.com/ImageMagick/ImageMagick6/commit/f90a091c7dd12cc53b0999bf49d1c80651534eea (6.9.12-20)

  • ReIntroduced (regression) by 6.9.12-55 https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773

EPSS

Percentile: 4%
0.00019
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 2 years ago

CVSS3: 5.5
redhat
more than 2 years ago

CVSS3: 5.5
nvd
more than 2 years ago

suse-cvrf
more than 2 years ago

Security update for ImageMagick

CVSS3: 5.5
github
more than 2 years ago
