CVE-2023-3428

Public on 2023-06-29
Modified on 2024-02-10
Description

The upstream bug report describes this issue as follows:
"A vulnerability was found in ImageMagick <=7.1.1, where heap-based buffer overflow was found in coders/tiff.c."

Severity
Medium
See what this means
CVSS v3 Base Score
6.2
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 ImageMagick 2023-07-19 ALAS-2023-1781
Amazon Linux 2 - Core ImageMagick 2023-07-19 ALAS2-2023-2123
Amazon Linux 2023 ImageMagick 2023-07-19 ALAS2023-2023-249

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2023-3428 Mitre: CVE-2023-3428