CVE-2023-3428

Imagemagick: heap-buffer-overflow in coders/tiff.c

Published: 10/4/2023 Last updated: 11/20/2025 Reserved: 6/27/2023

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (2)

conf-libMagickCore ocsigen-start

Products affected (1)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	< c40d6b3249b11d60e09d81530588f56233d9aa44

References (8)

https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369
https://access.redhat.com/security/cve/CVE-2023-3428
https://bugzilla.redhat.com/show_bug.cgi?id=2218369

Credits (2)

Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.
Red Hat would like to thank Hardik shah of Vehere (Dawn Treaders team) for reporting this issue.