HCE2-SA-2024-0012 Moderate HCE 2.0 Security Fix(es): A vulnerability was found in ImageMagick <=7.1.1, where heap-based buffer overflow was found in coders/tiff.c. (CVE-2023-3428) A vulnerability was found in ImageMagick <=7.1.1, where heap use-after-free was found in coders/bmp.c.References:https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 (CVE-2023-5341) A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. (CVE-2023-34475) A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. (CVE-2023-34474) HCE 2.0 ImageMagick-7.1.1.8-5.hce2.aarch64.rpm ImageMagick-7.1.1.8-5.hce2.x86_64.rpm