CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 18CVE-2022-44268 – ImageMagick 7.1.0-49 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). • https://www.exploit-db.com/exploits/51261 https://github.com/voidz0r/CVE-2022-44268 https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC https://github.com/kljunowsky/CVE-2022-44268 https://github.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment https://github.com/Vulnmachines/imagemagick-CVE-2022-44268 https://github.com/entr0pie/CVE-2022-44268 https://github.com/Baikuya/CVE-2022-44268-PoC https://github.com/adhikara13/CVE-2022-44268-MagiLe •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 2CVE-2022-44267 – ImageMagick 7.1.0-49 - DoS
https://notcve.org/view.php?id=CVE-2022-44267
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. • https://www.exploit-db.com/exploits/51256 https://imagemagick.org https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV https://www.debian.org/security/2023/dsa-5347 https://www.metabaseq.com/imagemagick-zero-days • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3213
https://notcve.org/view.php?id=CVE-2022-3213
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Se ha encontrado un problema de desbordamiento del búfer de la pila en ImageMagick. Cuando una aplicación procesa un archivo TIFF malformado, puede conllevar a un comportamiento indefinido o un bloqueo que cause una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-3213 https://bugzilla.redhat.com/show_bug.cgi?id=2126824 https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1115
https://notcve.org/view.php?id=CVE-2022-1115
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en la función PushShortPixel() de ImageMagick del archivo quantum-private.h. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de imagen TIFF especialmente diseñado a ImageMagick para su conversión, lo que puede conllevar a una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1115 https://bugzilla.redhat.com/show_bug.cgi?id=2067022 https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09 https://github.com/ImageMagick/ImageMagick/issues/4974 https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0284
https://notcve.org/view.php?id=CVE-2022-0284
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. Se ha encontrado un fallo de lectura excesiva del búfer en la región heap de la memoria en la función GetPixelAlpha() del archivo "pixel-accessor.h" de ImageMagick. Esta vulnerabilidad es desencadenada cuando un atacante pasa una imagen especialmente diseñada en formato de archivo de imagen etiquetada (TIFF) para convertirla en un formato de archivo PICON. • https://access.redhat.com/security/cve/CVE-2022-0284 https://bugzilla.redhat.com/show_bug.cgi?id=2045943 https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7 https://github.com/ImageMagick/ImageMagick/issues/4729 • CWE-125: Out-of-bounds Read •