Lucene search

[email protected]CVE-2022-44267

HistoryFeb 06, 2023 - 9:15 p.m.

CVE-2022-44267

2023-02-0621:15:09

CWE-404

[email protected]

web.nvd.nist.gov

113

cve-2022-44267

imagemagick

denial of service

nvd

png

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Affected configurations

NVD

Node

imagemagickimagemagickMatch7.1.0-49

CPENameOperatorVersion
imagemagick:imagemagickimagemagickeq7.1.0-49

CPE	Name	Operator	Version
imagemagick:imagemagick	imagemagick	eq	7.1.0-49

References

imagemagick.org/

lists.debian.org/debian-lts-announce/2023/03/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

www.debian.org/security/2023/dsa-5347

www.metabaseq.com/imagemagick-zero-days/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2022-44267

debiancve1 redhatcve1 veracode1 osv6 zdt1 prion1 nvd1 alpinelinux1 ubuntucve1 cvelist1 ubuntu3 exploitdb1 nessus18 thn1 openvas12 fedora2 wallarmlab2 debian2 cloudfoundry2 amazon2 redos1 photon3 gentoo1