PT-2022-6488 · Unknown+4 · Imagemagick+4

Tej Rathi

·

Published

2022-03-14

·

Updated

2024-06-15

·

CVE-2022-1114

CVSS v2.0

8.8

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions ImageMagick (affected versions not specified)
Description A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of the dcm.c file. This issue is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. The exploitation of this flaw may allow a remote attacker to access confidential data and cause a denial of service using a specially crafted DICOM image.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2022-2736
ALT-PU-2022-2832
ALT-PU-2024-2243
BDU:2023-01719
CVE-2022-1114
MGASA-2022-0446
OESA-2022-1670
OPENSUSE-SU-2024:13263-1
USN-5736-1
USN-5736-2

Affected Products

Alt Linux
Imagemagick
Linuxmint
Red Os
Ubuntu