Bug 2214141 (CVE-2023-3195) - CVE-2023-3195 ImageMagick: stack overflow in coders/tiff.c while parsing malicious tiff file
Keywords:
Status: NEW
Alias: CVE-2023-3195
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2214142 2214143 2214144
Blocks: 2210818
Reported: 2023-06-12 04:46 UTC by TEJ RATHI
Modified: 2023-07-07 08:30 UTC

Fixed In Version: ImageMagick 6.9.12-26, ImageMagick 7.1.0-11
Doc Type: If docs needed, set a value
Doc Text:
A stack-based buffer overflow flaw was found in ImageMagick's coders/tiff.c. An attacker who tricks a user into opening a specially crafted malicious TIFF file can cause the application to crash, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Comment 1 TEJ RATHI 2023-06-12 04:46:53 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 2214144]
Affects: fedora-37 [bug 2214142]
Affects: fedora-38 [bug 2214143]
