CVE-2022-28463

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.1.0-27

Description The issue is related to a buffer overflow in the implementation of the PushLongPixel() function in the ImageMagick graphic editor. This can be exploited by an attacker using a specially crafted image file, potentially leading to a denial of service or unauthorized access to protected information.

Recommendations For ImageMagick version 7.1.0-27, consider disabling the PushLongPixel() function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2022-03313

CVE-2022-28463

DLA-3007-1

DLA-3429-1

MGASA-2022-0446

OPENSUSE-SU-2022_1762-1

OPENSUSE-SU-2022_2998-1

OPENSUSE-SU-2024:13263-1

SUSE-SU-2022:1762-1

SUSE-SU-2022:1885-1

SUSE-SU-2022:2998-1

SUSE-SU-2022_1762-1

SUSE-SU-2023:4634-1

USN-5456-1

USN-5736-1

USN-5736-2

USN-6200-1

Affected Products

Astra Linux

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

CVE-2022-28463

Weakness Enumeration

Related Identifiers

Affected Products

References · 142