CVE-2023-3195: fix stack overflow when parsing malicious tiff image · ImageMagick/ImageMagick@f620340

A stack-based buffer overflow issue was found in ImageMagick’s coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious TIFF file, causing the application to crash and resulting in a denial of service.


@@ -2001,6 +2001,11 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,

if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)

ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");

extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));

#if defined(TIFF_VERSION_BIG)

extent+=image->columns*sizeof(uint64);

#else

extent+=image->columns*sizeof(uint32);

#endif

tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,

sizeof(*tile_pixels));

if (tile_pixels == (unsigned char *) NULL)
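
Review bot: The new `extent+=image->columns*sizeof(uint64)` / `sizeof(uint32)` padding inside the `TIFF_VERSION_BIG` conditional is added without an overflow check and without a comment explaining the bound. The only visible guard is `HeapOverflowSanityCheck(rows,sizeof(*tile_pixels))`, which takes `rows` and the one-byte element size as arguments, so neither `rows*TIFFTileRowSize(tiff)` nor the sum with `image->columns*sizeof(...)` is checked before it reaches `AcquireQuantumMemory`. Suggest verifying that the multiplication and the addition cannot wrap, throwing the same `ResourceLimitError` if they would, and adding a one-line comment stating which access past the tile data this extra row of `columns` words is sized for, so a later change to the tile-reading code does not silently invalidate the margin.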


Related news

Ubuntu Security Notice USN-6200-2

Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem.

Ubuntu Security Notice USN-6200-1

Ubuntu Security Notice 6200-1 - It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
