CVE-2022-44268

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
https://imagemagick.org/ Product
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://www.debian.org/security/2023/dsa-5347
https://www.metabaseq.com/imagemagick-zero-days/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
History

07 Nov 2023, 03:54

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/', 'name': 'FEDORA-2023-6537113d6d', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/', 'name': 'FEDORA-2023-93389b8a9e', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/ -

06 Apr 2023, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html -

11 Mar 2023, 23:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html -

22 Feb 2023, 13:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/ -

17 Feb 2023, 20:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/ -

15 Feb 2023, 17:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5347 -

14 Feb 2023, 19:20

Type Values Removed Values Added
First Time Imagemagick
Imagemagick imagemagick
CPE cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References (MISC) https://imagemagick.org/ - (MISC) https://imagemagick.org/ - Product
References (MISC) https://www.metabaseq.com/imagemagick-zero-days/ - (MISC) https://www.metabaseq.com/imagemagick-zero-days/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

06 Feb 2023, 21:39

Type Values Removed Values Added
New CVE
Information

Published : 2023-02-06 21:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-44268

Mitre link : CVE-2022-44268

CVE.ORG link : CVE-2022-44268

JSON object : View

Products Affected

imagemagick

  • imagemagick
CWE
NVD-CWE-noinfo