Bug 1203450 - (CVE-2022-3213) VUL-0: CVE-2022-3213: ImageMagick: heap buffer overflow while processing a malformed TIFF file
VUL-0: CVE-2022-3213: ImageMagick: heap buffer overflow while processing a ma...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-09-15 11:24 UTC by Carlos López
Modified: 2022-10-01 16:19 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Carlos López 2022-09-15 11:26:59 UTC
I could not find a PoC, but I'd say the patch would apply on openSUSE:Factory and perhaps SUSE:SLE-15-SP4:Update.
Comment 2 Petr Gajdos 2022-09-19 08:13:40 UTC
Took the last shape of expression in extent= assignment.

TW/ImageMagick already fixed by version update.

Submitted for 15sp4/ImageMagick.
Comment 3 Petr Gajdos 2022-09-19 08:13:59 UTC
I believe all fixed.
Comment 5 Swamp Workflow Management 2022-10-01 16:19:01 UTC
SUSE-SU-2022:3487-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1203450
CVE References: CVE-2022-3213
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    ImageMagick-
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    ImageMagick-
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    ImageMagick-

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.