CVE-2022-44268

2023-02-0621:15:09

Alpine Linux Development Team

security.alpinelinux.org

imagemagick

information disclosure

png

image

unix

cve-2022-44268

vulnerable

permissions

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchimagemagick< 7.1.0.52-r0UNKNOWN
Alpine3.18-communitynoarchimagemagick< 7.1.0.52-r0UNKNOWN
Alpine3.19-communitynoarchimagemagick< 7.1.0.52-r0UNKNOWN
Alpine3.20-communitynoarchimagemagick< 7.1.0.52-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	imagemagick	< 7.1.0.52-r0	UNKNOWN
Alpine	3.18-community	noarch	imagemagick	< 7.1.0.52-r0	UNKNOWN
Alpine	3.19-community	noarch	imagemagick	< 7.1.0.52-r0	UNKNOWN
Alpine	3.20-community	noarch	imagemagick	< 7.1.0.52-r0	UNKNOWN