ImageMagick: heap-buffer-overflow in PushCharPixel() in quantum-private.h
Description
A heap-buffer-overflow in ImageMagick's PushCharPixel() function allows denial of service via a crafted TIFF file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap-based buffer overflow exists in ImageMagick's PushCharPixel() function in quantum-private.h. The flaw occurs during the processing of TIFF images with the YCbCr photometric interpretation, where the allocated buffer size is insufficient. This affects ImageMagick versions prior to 7.0.10-0 and 6.9.11-0 [1][2].
Exploitation
An attacker must convince a user to open a specially crafted TIFF file using ImageMagick (e.g., via convert). No authentication is required, but user interaction is necessary. The crafted file triggers an out-of-bounds read in PushCharPixel() during the TIFF decoding process, as demonstrated by an AddressSanitizer report [2].
Impact
Successful exploitation results in an application crash, leading to a denial of service. The vulnerability is limited to a heap-buffer-overflow read; no code execution has been demonstrated [1][2].
Mitigation
The issue was fixed in ImageMagick 7.0.10-0 and 6.9.11-0, released on 2020-03-01, by doubling the buffer extent for YCbCr TIFF images [3][4]. Users should update to these or later versions. No workaround is available for unpatched versions.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- osv-coords (8 versions)
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 7.0.7.34-150200.10.51.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 6.8.8.1-71.195.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 6.8.8.1-71.195.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 7.0.7.34-150000.3.123.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 6.8.8.1-71.195.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 6.8.8.1-71.195.1
Patches
No patches discovered yet.
References
- access.redhat.com/security/cve/CVE-2023-3745 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- github.com/ImageMagick/ImageMagick/commit/54cdc146bbe50018526770be201b56643ad58ba7 (mitre)
- github.com/ImageMagick/ImageMagick/commit/651672f19c75161a6159d9b6838fd3095b6c5304 (mitre)
- github.com/ImageMagick/ImageMagick/issues/1857 (mitre)
- github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73 (mitre)
- github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b (mitre)