Veracode Vulnerability DatabaseVERACODE:41061Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
21.4%
ImageMagick is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a stack-based buffer overflow in tiff.c which allows an attacker to cause an application crash.
References
access.redhat.com/security/cve/CVE-2023-3195
bugzilla.redhat.com/show_bug.cgi?id=2214141
github.com/advisories/GHSA-4f76-c3p6-5cgx
github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c
github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
lists.fedoraproject.org/archives/list/[email protected]/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/
lists.fedoraproject.org/archives/list/[email protected]/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
www.openwall.com/lists/oss-security/2023/05/29/1
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
21.4%