Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-34475

Опубликовано: 01 июн. 2023
Источник: redhat
CVSS3: 5.5

Описание

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

A heap use-after-free vulnerability was found in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. This flaw allows an attacker to trick a user into opening a specially crafted file to convert, triggering a heap use-after-free write error, and allowing an application to crash, resulting in a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickNot affected
Red Hat Enterprise Linux 7ImageMagickNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2214149ImageMagick: heap use-after-free issue in ReplaceXmpValue() function in MagickCore/profile.c.

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-34475

CVSS3: 5.5
ubuntu
больше 2 лет назад

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

nvd логотип

CVE-2023-34475

CVSS3: 5.5
nvd
больше 2 лет назад

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

debian логотип

CVE-2023-34475

CVSS3: 5.5
debian
больше 2 лет назад

A heap use after free issue was discovered in ImageMagick's ReplaceXmp ...

github логотип

GHSA-mcff-wj2q-69j3

CVSS3: 5.5
github
больше 2 лет назад

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

fstec логотип

BDU:2024-01901

CVSS3: 5.5
fstec
почти 2 года назад

Уязвимость функции ReplaceXmpValue() (MagickCore/profile.c) консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3