PT-2020-6973 · Unknown+3 · Imagemagick+3
Luisfrodo · Published 2020-11-30 · Updated 2025-11-04 · CVE-2022-48541
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
ImageMagick versions 6.9.11-22 through 7.0.10-45
Description
A memory leak in the identify -help command allows remote attackers to perform a denial of service. The issue is related to incorrect memory deallocation before removing the last reference, which can be exploited by a remote attacker to disrupt data integrity and cause a denial of service.
Recommendations
For ImageMagick versions 6.9.11-22 through 7.0.10-45, consider disabling the identify -help command as a temporary workaround to minimize the risk of exploitation. Restrict access to the identify command to prevent remote attackers from performing a denial of service.
Exploit
Fix
DoS
Memory Leak
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Imagemagick
Linuxmint
Ubuntu