CVE-2022-44268

ImageMagick 7.1.0-49 - Arbitrary File Read

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

*Credits: N/A

CVSS Scores

NISTv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-30 CVE Reserved
2023-02-02 First Exploit
2023-02-06 CVE Published
2024-08-03 CVE Updated
2024-08-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (24)

URL	Tag	Source
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
https://imagemagick.org	Product
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/51261	2023-04-05
https://github.com/voidz0r/CVE-2022-44268	2023-02-05
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC	2023-02-02
https://github.com/kljunowsky/CVE-2022-44268	2023-12-29
https://github.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment	2023-02-03
https://github.com/Vulnmachines/imagemagick-CVE-2022-44268	2023-02-06
https://github.com/entr0pie/CVE-2022-44268	2023-07-03
https://github.com/Baikuya/CVE-2022-44268-PoC	2023-02-04
https://github.com/adhikara13/CVE-2022-44268-MagiLeak	2023-06-26
https://github.com/bhavikmalhotra/CVE-2022-44268-Exploit	2023-07-02
https://github.com/NataliSemi/-CVE-2022-44268	2023-11-16
https://github.com/betillogalvanfbc/POC-CVE-2022-44268	2023-03-22
https://github.com/nfm/heroku-CVE-2022-44268-reproduction	2023-02-21
https://github.com/Vagebondcur/IMAGE-MAGICK-CVE-2022-44268	2023-10-13
https://github.com/Ashifcoder/CVE-2022-44268-automated-poc	2023-02-04
https://github.com/CygnusX-26/CVE-2022-44268-fixed-PoC	2023-12-04
https://github.com/atici/Exploit-for-ImageMagick-CVE-2022-44268	2023-09-05
https://www.metabaseq.com/imagemagick-zero-days	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV	2023-11-07
https://www.debian.org/security/2023/dsa-5347	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Imagemagick Search vendor "Imagemagick"		Imagemagick Search vendor "Imagemagick" for product "Imagemagick"				7.1.0-49 Search vendor "Imagemagick" for product "Imagemagick" and version "7.1.0-49"		-		Affected