Vulnerability CVE-2022-44268: Information

Description

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-44268
Published: Feb. 7, 2023
Modified: Nov. 7, 2023

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
ImageMagicksisyphus6.9.12.93-alt17.1.1.31-alt1ALT-PU-2023-4997-2327301Fixed
ImageMagicksisyphus_e2k6.9.12.93-alt17.1.1.31-alt1ALT-PU-2023-5010-1-Fixed
ImageMagicksisyphus_riscv646.9.12.93-alt17.1.1.31-alt1ALT-PU-2023-5026-1-Fixed
ImageMagickp106.9.12.93-alt16.9.13.9-alt1ALT-PU-2023-4999-3327302Fixed
ImageMagickp10_e2k6.9.12.93-alt16.9.12.93-alt1ALT-PU-2023-5416-1-Fixed
ImageMagickc10f16.9.12.93-alt16.9.12.93-alt1ALT-PU-2023-4998-3327304Fixed
ImageMagickc9f26.9.12.93-alt16.9.12.93-alt1ALT-PU-2024-2243-2340468Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://imagemagick.org/
  • Product
https://www.metabaseq.com/imagemagick-zero-days/
  • Exploit
  • Third Party Advisory
DSA-5347
    [debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update
      http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
        FEDORA-2023-6537113d6d
          FEDORA-2023-93389b8a9e

              1. Configuration 1

                cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.0
            Back to top