Bug 1203450 - (CVE-2022-3213) VUL-0: CVE-2022-3213: ImageMagick: heap buffer overflow while processing a malformed TIFF file
(CVE-2022-3213)
VUL-0: CVE-2022-3213: ImageMagick: heap buffer overflow while processing a ma...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/342418/
CVSSv3.1:SUSE:CVE-2022-3213:5.3:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-09-15 11:24 UTC by Carlos López
Modified: 2022-10-01 16:19 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Carlos López 2022-09-15 11:26:59 UTC
I could not find a PoC, but I'd say the patch would apply on openSUSE:Factory and perhaps SUSE:SLE-15-SP4:Update.
Comment 2 Petr Gajdos 2022-09-19 08:13:40 UTC
Took the last shape of expression in extent= assignment.

TW/ImageMagick already fixed by version update.

Submitted for 15sp4/ImageMagick.
Comment 3 Petr Gajdos 2022-09-19 08:13:59 UTC
I believe all fixed.
Comment 5 Swamp Workflow Management 2022-10-01 16:19:01 UTC
SUSE-SU-2022:3487-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1203450
CVE References: CVE-2022-3213
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    ImageMagick-7.1.0.9-150400.6.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    ImageMagick-7.1.0.9-150400.6.9.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (src):    ImageMagick-7.1.0.9-150400.6.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.