// For flags

CVE-2022-44268

ImageMagick 7.1.0-49 - Arbitrary File Read

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

30
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

An update that fixes two vulnerabilities is now available. This update for ImageMagick fixes the following issues. Fixed a denial of service when parsing a PNG image. Fixed arbitrary file disclosure when parsing a PNG image.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2022-10-30 CVE Reserved
  • 2023-02-02 First Exploit
  • 2023-02-06 CVE Published
  • 2025-03-26 CVE Updated
  • 2025-07-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (36)
URL Tag Source
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
https://imagemagick.org Product
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html Mailing List
URL Date SRC
https://packetstorm.news/files/id/171727 2023-04-06
https://www.exploit-db.com/exploits/51261 2023-04-05
https://github.com/voidz0r/CVE-2022-44268 2023-02-05
https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC 2023-02-02
https://github.com/kljunowsky/CVE-2022-44268 2023-12-29
https://github.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment 2023-02-03
https://github.com/Vulnmachines/imagemagick-CVE-2022-44268 2023-02-06
https://github.com/entr0pie/CVE-2022-44268 2023-07-03
https://github.com/Baikuya/CVE-2022-44268-PoC 2023-02-04
https://github.com/adhikara13/CVE-2022-44268-MagiLeak 2023-06-26
https://github.com/bhavikmalhotra/CVE-2022-44268-Exploit 2023-07-02
https://github.com/NataliSemi/-CVE-2022-44268 2023-11-16
https://github.com/betillogalvanfbc/POC-CVE-2022-44268 2023-03-22
https://github.com/nfm/heroku-CVE-2022-44268-reproduction 2023-02-21
https://github.com/Vagebondcur/IMAGE-MAGICK-CVE-2022-44268 2023-10-13
https://github.com/Ashifcoder/CVE-2022-44268-automated-poc 2023-02-04
https://github.com/CygnusX-26/CVE-2022-44268-fixed-PoC 2023-12-04
https://github.com/atici/Exploit-for-ImageMagick-CVE-2022-44268 2023-09-05
https://github.com/agathanon/cve-2022-44268 2023-11-07
https://github.com/jnschaeffer/cve-2022-44268-detector 2024-01-14
https://github.com/Sybil-Scan/imagemagick-lfi-poc 2024-10-15
https://github.com/Pog-Frog/cve-2022-44268 2023-07-14
https://github.com/narekkay/auto-cve-2022-44268.sh 2024-07-10
https://github.com/fanbyprinciple/ImageMagick-lfi-poc 2023-12-07
https://github.com/chairat095/CVE-2022-44268_By_Kyokito 2023-08-14
https://github.com/PanAdamski/CVE-2022-44268-automated 2024-08-29
https://github.com/FlojBoj/CVE-2022-44268 2024-09-02
https://github.com/katseyres2/CVE-2022-44268-pilgrimage 2025-05-02
https://github.com/J0ey17/Automate_Exploit_CVE-2022-44268 2025-06-04
https://www.metabaseq.com/imagemagick-zero-days 2025-03-26
URL Date SRC
URL Date SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV 2023-11-07
https://www.debian.org/security/2023/dsa-5347 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Imagemagick
Search vendor "Imagemagick"
 Imagemagick
Search vendor "Imagemagick" for product "Imagemagick"
 7.1.0-49
Search vendor "Imagemagick" for product "Imagemagick" and version "7.1.0-49"
-
Affected