CVE-2022-2719

2022-08-1020:15:36

Debian Security Bug Tracker

security-tracker.debian.org

imagemagick

assertion failure

writeimages

null image list

denial of service

upstream

version 7.1.0-30

unix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.8%

JSON

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

OSVersionArchitecturePackageVersionFilename
Debian12allimagemagick< 8:6.9.11.60+dfsg-1.6+deb12u2imagemagick_8:6.9.11.60+dfsg-1.6+deb12u2_all.deb
Debian11allimagemagick< 8:6.9.11.60+dfsg-1.3+deb11u4imagemagick_8:6.9.11.60+dfsg-1.3+deb11u4_all.deb
Debian999allimagemagick< 8:6.9.13.12+dfsg1-1imagemagick_8:6.9.13.12+dfsg1-1_all.deb
Debian13allimagemagick< 8:6.9.13.12+dfsg1-1imagemagick_8:6.9.13.12+dfsg1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	imagemagick	< 8:6.9.11.60+dfsg-1.6+deb12u2	imagemagick_8:6.9.11.60+dfsg-1.6+deb12u2_all.deb
Debian	11	all	imagemagick	< 8:6.9.11.60+dfsg-1.3+deb11u4	imagemagick_8:6.9.11.60+dfsg-1.3+deb11u4_all.deb
Debian	999	all	imagemagick	< 8:6.9.13.12+dfsg1-1	imagemagick_8:6.9.13.12+dfsg1-1_all.deb
Debian	13	all	imagemagick	< 8:6.9.13.12+dfsg1-1	imagemagick_8:6.9.13.12+dfsg1-1_all.deb