CVE-2023-3195: 
ImageMagick vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2023-3195) was discovered in ImageMagick's coders/tiff.c component. The vulnerability was first reported by Muhammad Aldo Firmansyah and was publicly disclosed on May 29, 2023. This security flaw affects ImageMagick versions up to 6.9.12-26 and versions from 7.1.1-0 up to 7.1.1-10 (NVD, OpenWall).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) and out-of-bounds write (CWE-787) issue. It received a CVSS v3.1 base score of 5.5 (Medium), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability requires local access and user interaction, but no privileges, to be exploited (NVD).

When exploited, this vulnerability allows an attacker to cause an application crash resulting in a denial of service by tricking a user into opening a specially crafted malicious TIFF file (Ubuntu, Red Hat).

The vulnerability has been fixed in ImageMagick versions 6.9.12-26 and 7.1.1-10. Users are advised to upgrade to these or later versions. The fix was implemented through patches committed to both ImageMagick 6 and 7 repositories (ImageMagick6 Patch, ImageMagick Patch).