Lucene search

[email protected]CVE-2022-44267

HistoryFeb 06, 2023 - 9:15 p.m.

CVE-2022-44267

2023-02-0621:15:09

CWE-404

[email protected]

web.nvd.nist.gov

113

cve-2022-44267

imagemagick

denial of service

nvd

png

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Affected configurations

NVD

Node

imagemagickimagemagickMatch7.1.0-49

CPENameOperatorVersion
imagemagick:imagemagickimagemagickeq7.1.0-49

CPE	Name	Operator	Version
imagemagick:imagemagick	imagemagick	eq	7.1.0-49

References

imagemagick.org/

lists.debian.org/debian-lts-announce/2023/03/msg00008.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

www.debian.org/security/2023/dsa-5347

www.metabaseq.com/imagemagick-zero-days/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2022-44267

veracode1 zdt1 osv6 debiancve1 redhatcve1 alpinelinux1 prion1 nvd1 ubuntucve1 cvelist1 exploitdb1 fedora2 openvas12 ubuntu3 thn1 nessus18 wallarmlab2 debian2 amazon2 cloudfoundry2 redos1 photon3 gentoo1