{"vulnerability": "CVE-2022-44267", "sightings": [{"uuid": "62f61e37-4f92-40c3-ab52-0c38e0c457d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44267", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/156", "content": "ImageMagick: The hidden vulnerability behind your online images\n\n\ud83d\udc64 by Bryan Gonzalez\n\nIn a recent APT Simulation engagement, the Ocelot team identified that ImageMagick was used to process images in a Drupal-based website, and hence, the team decided to try to find new vulnerabilities in this component. As a result, two zero days were identified:\n   \u2022 CVE-2022-44267: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. \n   \u2022 CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary remote file.\n\n\ud83d\udcdd Contents:\n\u25cf Introduction\n    \u2022 How to trigger the exploitation?\n\u25cf CVE-2022-44267: Denial of service\n\u25cf CVE-2022-44268: Arbitrary Remote Leak\n\nOriginal link: https://www.metabaseq.com/imagemagick-zero-days/\n\nTry this link if the previous one isn't working: https://web.archive.org/web/20230201234130/https://www.metabaseq.com/imagemagick-zero-days/", "creation_timestamp": "2023-02-02T07:42:21.000000Z"}, {"uuid": "3fe2a40d-4c5a-4395-8a25-66633c540bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44267", "type": "seen", "source": "https://t.me/cibsecurity/57633", "content": "\u203c CVE-2022-44267 \u203c\n\nImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T00:23:41.000000Z"}, {"uuid": "b75995cc-9354-43cd-b254-d353a58aa74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44267", "type": "published-proof-of-concept", "source": "Telegram/WOvwLGjo5xrr1_QZTyzzbYxZLR_ElEyQpL3FgO1J0vxdRJo", "content": "", "creation_timestamp": "2023-02-02T15:43:37.000000Z"}, {"uuid": "1910ce48-52dc-497f-ad71-9dfb139bf4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44267", "type": "seen", "source": "https://t.me/thehackernews/3011", "content": "Researchers discover new vulnerabilities in the ImageMagick image processing program that could lead to DoS (CVE-2022-44267) or arbitrary remote file leaks (CVE-2022-44268).\n\nhttps://thehackernews.com/2023/02/researchers-uncover-new-bugs-in-popular.html", "creation_timestamp": "2023-02-01T21:03:53.000000Z"}]}