{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-34475","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-12-03T16:25:39.867Z","dateReserved":"2023-06-07T00:00:00.000Z","datePublished":"2023-06-16T00:00:00.000Z"},"containers":{"cna":{"affected":[{"product":"ImageMagick","vendor":"n/a","versions":[{"status":"affected","version":"7.1.1-10"}]}],"descriptions":[{"lang":"en","value":"A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 - Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-07-12T18:54:44.885Z"},"references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214149"},{"url":"https://access.redhat.com/security/cve/CVE-2023-34475"},{"name":"FEDORA-2023-27548af422","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/"},{"name":"FEDORA-2023-edbdccae2a","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:10:07.114Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0","tags":["x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2214149","tags":["x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-34475","tags":["x_transferred"]},{"name":"FEDORA-2023-27548af422","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/"},{"name":"FEDORA-2023-edbdccae2a","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-03T16:25:17.808833Z","id":"CVE-2023-34475","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-03T16:25:39.867Z"}}]}}