CVE-2023-34475

2023-06-1620:15:09

Alpine Linux Development Team

security.alpinelinux.org

imagemagick

heap-use-after-free

denial of service

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

26.1%

JSON

A heap use after free issue was discovered in ImageMagick’s ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

OSVersionArchitecturePackageVersionFilename
Alpine3.18-communitynoarchimagemagick= 7.1.1.13-r1UNKNOWN
Alpine3.19-communitynoarchimagemagick= 7.1.1.32-r0UNKNOWN
Alpine3.20-communitynoarchimagemagick= 7.1.1.32-r2UNKNOWN
Alpineedge-communitynoarchimagemagick= 7.1.1.38-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.18-community	noarch	imagemagick	= 7.1.1.13-r1	UNKNOWN
Alpine	3.19-community	noarch	imagemagick	= 7.1.1.32-r0	UNKNOWN
Alpine	3.20-community	noarch	imagemagick	= 7.1.1.32-r2	UNKNOWN
Alpine	edge-community	noarch	imagemagick	= 7.1.1.38-r0	UNKNOWN