CVE-2022-44268 - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for

CVE-2022-44268

Summary

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

References

https://imagemagick.org/
https://www.metabaseq.com/imagemagick-zero-days/
https://www.debian.org/security/2023/dsa-5347
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html

Vulnerable Configurations

cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

06-04-2023 - 17:15

Published

06-02-2023 - 21:15

Last modified

06-04-2023 - 17:15