{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-34474","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-08-02T16:10:07.299Z","dateReserved":"2023-06-07T00:00:00.000Z","datePublished":"2023-06-16T00:00:00.000Z"},"containers":{"cna":{"affected":[{"product":"ImageMagick","vendor":"n/a","versions":[{"status":"affected","version":"7.1.1-10"}]}],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122 - Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-07-12T18:55:56.633Z"},"references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214148"},{"url":"https://access.redhat.com/security/cve/CVE-2023-34474"},{"name":"FEDORA-2023-27548af422","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/"},{"name":"FEDORA-2023-edbdccae2a","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-12T19:42:10.758164Z","id":"CVE-2023-34474","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-12T19:42:24.171Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:10:07.299Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0","tags":["x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214148","tags":["x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-34474","tags":["x_transferred"]},{"name":"FEDORA-2023-27548af422","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/"},{"name":"FEDORA-2023-edbdccae2a","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/"}]}]}}