Search for vulnerabilities
Vulnerability details: VCID-j45q-ux4f-aaae
Vulnerability ID VCID-j45q-ux4f-aaae
Aliases CVE-2023-3745
Summary A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-787 Out-of-bounds Write
CWE-122 Heap-based Buffer Overflow
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3745.json
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2023-3745
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-3745
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-3745
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3745.json
https://access.redhat.com/security/cve/CVE-2023-3745
https://api.first.org/data/v1/epss?cve=CVE-2023-3745
https://bugzilla.redhat.com/show_bug.cgi?id=2223557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3745
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73
https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b
https://github.com/ImageMagick/ImageMagick/commit/54cdc146bbe50018526770be201b56643ad58ba7
https://github.com/ImageMagick/ImageMagick/commit/651672f19c75161a6159d9b6838fd3095b6c5304
https://github.com/ImageMagick/ImageMagick/issues/1857
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
CVE-2023-3745 https://nvd.nist.gov/vuln/detail/CVE-2023-3745
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3745.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3745
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-3745
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.01824
EPSS Score 0.00015
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.