CVE-2023-34475

Updated: 2025-08-20 01:46:17.976623

Description:

A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file for conversion, triggering a heap-use-after-free write error that crashes the application, resulting in a denial of service.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | ImageMagick | 6.9.13.17 | 5.5 | MEDIUM | Not Vulnerable | | 2025-02-04 02:12:38 | |
| CentOS 7 ELS | ImageMagick | 6.9.10.68 | 5.5 | MEDIUM | Ignored | | 2024-04-08 14:08:52 | Ignored due to low severity |
| Ubuntu 16.04 ELS | ImageMagick | 6.8.9.9-7 | 5.5 | MEDIUM | Ignored | | 2023-06-27 03:33:07 | Ignored due to low severity |
| Ubuntu 18.04 ELS | ImageMagick | 6.9.7.4 | 5.5 | MEDIUM | Ignored | | 2023-06-27 03:33:07 | Ignored due to low severity |