Lucene search

K

GoogleOSV:CVE-2023-34474

HistoryJun 16, 2023 - 8:15 p.m.

CVE-2023-34474

2023-06-1620:15:09

Google

osv.dev

8

imagemagick

readtim2imagedata

buffer overflow

denial of service

local attacker

out-of-bounds read

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.4%

A heap-based buffer overflow issue was discovered in ImageMagick’s ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

References

access.redhat.com/security/cve/CVE-2023-34474

bugzilla.redhat.com/show_bug.cgi?id=2214148

github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

32.4%

Related for OSV:CVE-2023-34474

prion1 ubuntucve1 cvelist1 redhatcve1 nessus3 nvd1 alpinelinux1 vulnrichment1 cve1 debiancve1 openvas3 osv1 fedora2