CVE-2023-3195
Description
Stack-based buffer overflow in ImageMagick's TIFF coder allows denial of service via crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in ImageMagick's TIFF coder allows denial of service via crafted file.
Vulnerability
A stack-based buffer overflow exists in coders/tiff.c in ImageMagick versions prior to 6.9.12-26 (and possibly equivalent 7.x releases). The flaw is triggered when processing a specially crafted TIFF file, causing a stack overflow [1][2].
Exploitation
An attacker must convince a user to open a malicious TIFF file. No special privileges or network access are required; user interaction is necessary [1].
Impact
Successful exploitation results in an application crash, leading to a denial of service. No code execution or data compromise has been reported [1][2].
Mitigation
The vulnerability is fixed in ImageMagick 6.9.12-26, as per commit 85a370c79afeb45a97842b0959366af5236e9023 [2]. Users should update to the patched version. No workaround is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords4 versionspkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 6.8.8.1-71.192.1+ 3 more
- (no CPE)range: < 6.8.8.1-71.192.1
- (no CPE)range: < 6.8.8.1-71.192.1
- (no CPE)range: < 6.8.8.1-71.192.1
- (no CPE)range: < 6.8.8.1-71.192.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"A stack-based buffer overflow occurs in ImageMagick's coders/tiff.c when processing a crafted TIFF file."
Attack vector
An attacker can trick a user into opening a specially crafted malicious TIFF file using an application that utilizes ImageMagick's TIFF coder [ref_id=1]. This action triggers the stack-based buffer overflow, leading to a denial of service.
Affected code
The vulnerability is located in the `coders/tiff.c` file within ImageMagick [ref_id=1]. The specific function or code path leading to the overflow is not detailed in the provided information, but the fix targets this file.
What the fix does
The vulnerability was fixed by a commit to the ImageMagick6 repository [ref_id=1]. The patch addresses the stack overflow issue in the coders/tiff.c file, preventing the application from crashing when processing malformed TIFF files.
Preconditions
- inputThe user must open a specially crafted malicious TIFF file.
Generated on Jun 8, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/mitrevendor-advisory
- access.redhat.com/security/cve/CVE-2023-3195mitre
- bugzilla.redhat.com/show_bug.cgimitre
- github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934cmitre
- github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023mitre
- www.openwall.com/lists/oss-security/2023/05/29/1mitre
News mentions
0No linked articles in our index yet.