VDB
CVE-2023-34475
CVE-2023-34475
PUBLISHED
In ImageMagick existieren mehrere Schwachstellen aufgrund von heap-based Buffer Overflows. Betroffen sind die Funktionen "ReadTIM2ImageData()" in "coders/tim2.c" und "ReplaceXmpValue()" in "MagickCore/profile.c". Ein Angreifer kann dies ausnutzen, um einen Denial of Service Zustand herbeizuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 0.02% · 7.3th percentile
Risk Scores
EPSS Score
0.02%
7.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux | |
| Fedora | Fedora Linux |
Timeline
- Jun 11, 2023 CVE Published
- Jun 17, 2023 EPSS Score
- Jul 22, 2023 EPSS Score
- Aug 22, 2023 CVE Updated
- Aug 27, 2023 EPSS Score
- Oct 1, 2023 EPSS Score
- Nov 6, 2023 EPSS Score
- Dec 11, 2023 EPSS Score
- Jan 15, 2024 EPSS Score
- Feb 20, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1417.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1417 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5120258393 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7a43301d55 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-edbdccae2a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-27548af422 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015526.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2214149 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2214148 advisory