CVE-2023-3428

Imagemagick: heap-buffer-overflow in coders/tiff.c

Published: 10/4/2023 Last updated: 11/20/2025 Reserved: 6/27/2023

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (4)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	19c
Red Hat Enterprise Linux 6	Red Hat	<= 7.0.9
Red Hat Enterprise Linux 7	Red Hat	< 125.0.6422.141

References (8)

Credits (2)

Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.
Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.