VYPR
Unrated severity · NVD Advisory · Published Oct 4, 2023 · Updated Nov 20, 2025

ImageMagick: heap-buffer-overflow in coders/tiff.c

CVE-2023-3428

Description

Heap-buffer-overflow in ImageMagick's TIFF coder allows denial of service via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-based buffer overflow vulnerability exists in the coders/tiff.c file of ImageMagick versions up to and including 7.1.1 [1][2]. The flaw occurs when processing specially crafted TIFF images, leading to memory corruption.

Exploitation

Exploitation requires the attacker to convince a user to open a malicious TIFF file using ImageMagick or an application leveraging it. No authentication or network access is needed; the attack is local and depends on user interaction [1].

Impact

Successful exploitation results in an application crash, causing a denial of service. No code execution or data disclosure has been reported [1].

Mitigation

The fix is available in a commit [2] and is included in ImageMagick versions after 7.1.1. Users should update to the latest version. No workaround is documented.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

References

2
