CVE-2023-3428

Imagemagick: heap-buffer-overflow in coders/tiff.c

Published: 10/4/2023 Last updated: 11/20/2025 Reserved: 6/27/2023

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (0)

No product listed.

References (8)

https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369

Credits (2)

Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.
Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.