CVE-2023-3195

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3195.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "Fixed in ImageMagick 6.9.12-26, ImageMagick 7.1.0-11"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-121"
    ],
    "cna_assigner": "redhat"
}

References

Affected packages

Git / github.com/imagemagick/imagemagick

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick

Events

Introduced

9009707d09287d168057cb6018b37b68dd586775

Fixed

fa1d7e6f1d026d1d70072b04a57857afdb47c29a

Fixed

f620340935777b28fa3f7b0ed7ed6bd86946934c

Database specific

{
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "7.1.1-0"
        },
        {
            "fixed": "7.1.1-10"
        }
    ]
}

Affected versions

7.*

7.1.1-0

7.1.1-1

7.1.1-2

7.1.1-3

7.1.1-4

7.1.1-5

7.1.1-6

7.1.1-7

7.1.1-8

7.1.1-9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3195.json"

Git / github.com/imagemagick/imagemagick6

Affected ranges

Type

GIT

Repo

https://github.com/imagemagick/imagemagick6

Events

Introduced

Fixed

175f33e13311562f51ae7b1631af65bb0ee29676

Fixed

85a370c79afeb45a97842b0959366af5236e9023

Database specific

{
    "cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.9.12-26"
        }
    ]
}

Affected versions

6.*

6.9.10-0

6.9.10-1

6.9.10-10

6.9.10-11

6.9.10-12

6.9.10-13

6.9.10-14

6.9.10-15

6.9.10-16

6.9.10-17

6.9.10-18

6.9.10-19

6.9.10-2

6.9.10-20

6.9.10-21

6.9.10-22

6.9.10-23

6.9.10-24

6.9.10-25

6.9.10-26

6.9.10-27

6.9.10-28

6.9.10-29

6.9.10-3

6.9.10-30

6.9.10-31

6.9.10-32

6.9.10-33

6.9.10-34

6.9.10-35

6.9.10-36

6.9.10-37

6.9.10-38

6.9.10-39

6.9.10-4

6.9.10-40

6.9.10-41

6.9.10-42

6.9.10-43

6.9.10-44

6.9.10-45

6.9.10-46

6.9.10-47

6.9.10-48

6.9.10-49

6.9.10-5

6.9.10-50

6.9.10-51

6.9.10-52

6.9.10-53

6.9.10-54

6.9.10-55

6.9.10-56

6.9.10-57

6.9.10-58

6.9.10-59

6.9.10-6

6.9.10-60

6.9.10-61

6.9.10-62

6.9.10-63

6.9.10-64

6.9.10-65

6.9.10-66

6.9.10-67

6.9.10-68

6.9.10-69

6.9.10-7

6.9.10-70

6.9.10-71

6.9.10-72

6.9.10-73

6.9.10-74

6.9.10-75

6.9.10-77

6.9.10-78

6.9.10-79

6.9.10-8

6.9.10-80

6.9.10-81

6.9.10-82

6.9.10-83

6.9.10-84

6.9.10-85

6.9.10-86

6.9.10-87

6.9.10-88

6.9.10-89

6.9.10-9

6.9.10-90

6.9.10-91

6.9.10-92

6.9.10-93

6.9.10-94

6.9.10-95

6.9.10-96

6.9.10-97

6.9.11-0

6.9.11-1

6.9.11-10

6.9.11-11

6.9.11-12

6.9.11-13

6.9.11-14

6.9.11-15

6.9.11-16

6.9.11-17

6.9.11-18

6.9.11-19

6.9.11-2

6.9.11-20

6.9.11-21

6.9.11-22

6.9.11-23

6.9.11-24

6.9.11-25

6.9.11-26

6.9.11-27

6.9.11-28

6.9.11-29

6.9.11-3

6.9.11-30

6.9.11-31

6.9.11-32

6.9.11-33

6.9.11-34

6.9.11-35

6.9.11-36

6.9.11-37

6.9.11-38

6.9.11-39

6.9.11-4

6.9.11-40

6.9.11-41

6.9.11-42

6.9.11-43

6.9.11-44

6.9.11-45

6.9.11-46

6.9.11-47

6.9.11-48

6.9.11-49

6.9.11-5

6.9.11-50

6.9.11-51

6.9.11-52

6.9.11-53

6.9.11-54

6.9.11-55

6.9.11-56

6.9.11-57

6.9.11-59

6.9.11-6

6.9.11-60

6.9.11-61

6.9.11-62

6.9.11-7

6.9.11-8

6.9.11-9

6.9.12-0

6.9.12-1

6.9.12-10

6.9.12-11

6.9.12-12

6.9.12-14

6.9.12-15

6.9.12-16

6.9.12-17

6.9.12-18

6.9.12-19

6.9.12-2

6.9.12-20

6.9.12-21

6.9.12-22

6.9.12-23

6.9.12-24

6.9.12-25

6.9.12-3

6.9.12-4

6.9.12-5

6.9.12-6

6.9.12-7

6.9.12-8

6.9.12-9

6.9.4-0

6.9.4-1

6.9.4-10

6.9.4-2

6.9.4-3

6.9.4-4

6.9.4-5

6.9.4-6

6.9.4-7

6.9.4-8

6.9.4-9

6.9.5-0

6.9.5-1

6.9.5-10

6.9.5-2

6.9.5-3

6.9.5-4

6.9.5-5

6.9.5-6

6.9.5-7

6.9.5-8

6.9.5-9

6.9.6-0

6.9.6-1

6.9.6-2

6.9.6-3

6.9.6-4

6.9.6-5

6.9.6-6

6.9.6-7

6.9.6-8

6.9.7-0

6.9.7-1

6.9.7-10

6.9.7-2

6.9.7-3

6.9.7-4

6.9.7-5

6.9.7-6

6.9.7-7

6.9.7-8

6.9.7-9

6.9.8-0

6.9.8-1

6.9.8-10

6.9.8-2

6.9.8-3

6.9.8-4

6.9.8-5

6.9.8-6

6.9.8-7

6.9.8-8

6.9.8-9

6.9.9-0

6.9.9-1

6.9.9-10

6.9.9-11

6.9.9-12

6.9.9-13

6.9.9-14

6.9.9-15

6.9.9-17

6.9.9-18

6.9.9-19

6.9.9-2

6.9.9-20

6.9.9-21

6.9.9-22

6.9.9-23

6.9.9-24

6.9.9-25

6.9.9-26

6.9.9-27

6.9.9-28

6.9.9-29

6.9.9-3

6.9.9-30

6.9.9-31

6.9.9-32

6.9.9-33

6.9.9-34

6.9.9-35

6.9.9-36

6.9.9-37

6.9.9-38

6.9.9-39

6.9.9-4

6.9.9-40

6.9.9-41

6.9.9-42

6.9.9-43

6.9.9-44

6.9.9-45

6.9.9-46

6.9.9-47

6.9.9-48

6.9.9-49

6.9.9-5

6.9.9-50

6.9.9-51

6.9.9-6

6.9.9-7

6.9.9-8

6.9.9-9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3195.json"