CVE-2022-44268

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.1.0-49

Description The issue is related to errors in processing input data, which can allow a remote attacker to access protected information using the profile parameter. When ImageMagick parses a PNG image, the resulting image could have embedded the content of an arbitrary file if the magick binary has permissions to read it.

Recommendations For ImageMagick version 7.1.0-49, consider disabling the processing of external PNG images until a patch is available. Restrict access to the profile parameter to minimize the risk of exploitation. Avoid using the profile parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-3182

ALT-PU-2020-1405

ALT-PU-2021-1001

ALT-PU-2021-1438

ALT-PU-2021-1440

ALT-PU-2021-1839

ALT-PU-2021-2404

ALT-PU-2021-3278

ALT-PU-2022-1417

ALT-PU-2022-2736

ALT-PU-2022-2832

ALT-PU-2023-4997

ALT-PU-2023-4998

ALT-PU-2023-4999

ALT-PU-2023-5309

ALT-PU-2024-2243

BDU:2023-00579

CESA-2021_0024

CVE-2022-44268

DLA-3357-1

DLA-3357-2

DSA-5347-1

OESA-2023-1065

OPENSUSE-SU-2023_0424-1

OPENSUSE-SU-2023_0428-1

OPENSUSE-SU-2024:13263-1

RHSA-2021_0024

SUSE-SU-2023:0421-1

SUSE-SU-2023:0424-1

SUSE-SU-2023:0428-1

SUSE-SU-2023:4634-1

SUSE-SU-2023_0421-1

SUSE-SU-2023_0424-1

SUSE-SU-2023_0428-1

SUSE-SU-2023_4634-1

USN-5855-1

USN-5855-2

USN-5855-3

USN-5855-4

Affected Products

Alt Linux

Astra Linux

Imagemagick

Linuxmint

Red Os

Suse

Ubuntu

CVE-2022-44268

Weakness Enumeration

Related Identifiers

Affected Products

References · 141