CVE-2023-3745 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-3745

CVE-2023-3745

July 24, 2023

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Related Resources (8)

https://github.com/ImageMagick/ImageMagick/commit/651672f19c75161a6159d9b6838fd3095b6c5304

https://access.redhat.com/security/cve/CVE-2023-3745

https://bugzilla.redhat.com/show_bug.cgi?id=2223557

https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b

https://github.com/ImageMagick/ImageMagick/commit/54cdc146bbe50018526770be201b56643ad58ba7

https://github.com/ImageMagick/ImageMagick/issues/1857

https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73

https://security-tracker.debian.org/tracker/CVE-2023-3745

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

EPSS

Base Score:

0.01

Products

Solutions

Resources

Company

Compare

Developer Tools