{"vulnerability": "CVE-2022-44268", "sightings": [{"uuid": "2019028c-ae46-443f-b899-06dd09e3ff8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/156", "content": "ImageMagick: The hidden vulnerability behind your online images\n\n\ud83d\udc64 by Bryan Gonzalez\n\nIn a recent APT Simulation engagement, the Ocelot team identified that ImageMagick was used to process images in a Drupal-based website, and hence, the team decided to try to find new vulnerabilities in this component. As a result, two zero days were identified:\n   \u2022 CVE-2022-44267: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. \n   \u2022 CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary remote file.\n\n\ud83d\udcdd Contents:\n\u25cf Introduction\n    \u2022 How to trigger the exploitation?\n\u25cf CVE-2022-44267: Denial of service\n\u25cf CVE-2022-44268: Arbitrary Remote Leak\n\nOriginal link: https://www.metabaseq.com/imagemagick-zero-days/\n\nTry this link if the previous one isn't working: https://web.archive.org/web/20230201234130/https://www.metabaseq.com/imagemagick-zero-days/", "creation_timestamp": "2023-02-02T07:42:21.000000Z"}, {"uuid": "7479d5de-cefa-4c3c-a4b9-ae6615237670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://gist.github.com/chun-awa/e6879725f088efee7ad390b3b9cfdd28", "content": "", "creation_timestamp": "2025-10-28T14:51:52.000000Z"}, {"uuid": "413048f2-e6bb-4e33-bea3-698bb11ed1b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://gist.github.com/strikoder/f5e743bbd00685453bb0b990f0aa22a5", "content": "", "creation_timestamp": "2025-12-30T09:06:47.000000Z"}, {"uuid": "71fc03a4-b1a0-4ec0-bc00-aa6839256e67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10648", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-44268 ImageMagick Arbitrary File Read - Payload Generator.\n\nhttps://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC", "creation_timestamp": "2023-02-05T00:34:43.000000Z"}, {"uuid": "e9e5192b-b2d1-4517-9b02-4b17846a9040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2732", "content": "\ud83d\udca5CVE-2022-44268 ImageMagick Arbitrary Local File Read\n\ud83d\udca5CVE-2022-44268 ImageMagick Arbitrary File Read PoC\n\ud83d\udca5CVE-2022-44268 Arbitrary File Read PoC - PNG generator\n\ud83d\udca5Payload generator and extractor for CVE-2022-44268 written in Python\n\ud83d\udca5cve-2022-44268-detector - detect malicious PNGs\n\nby PrivateShizo", "creation_timestamp": "2023-02-18T23:38:46.000000Z"}, {"uuid": "5d2d8345-3c6c-4380-8c3c-3c492ae8621d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/monkey_hacker/46", "content": "\ud83d\udca5CVE-2022-44268 ImageMagick Arbitrary Local File Read\n\ud83d\udca5CVE-2022-44268 ImageMagick Arbitrary File Read PoC\n\ud83d\udca5CVE-2022-44268 Arbitrary File Read PoC - PNG generator\n\ud83d\udca5Payload generator and extractor for CVE-2022-44268 written in Python\n\ud83d\udca5cve-2022-44268-detector - detect malicious PNGs\n\nby PrivateShizo", "creation_timestamp": "2023-02-21T11:55:52.000000Z"}, {"uuid": "2966e285-329d-4a6c-9de1-be4726a712a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/157", "content": "\ud83e\uddd9\u200d\u2642\ufe0f CVE-2022-44268 - a vulnerability in ImageMagick that could lead to an arbitrary file read.\n\nHow does it work? See here in high quality \ud83d\udc47\n\nhttps://github.com/Mike-n1/HowDoesItWork/blob/main/CVE-2022-44268.png?raw=true", "creation_timestamp": "2023-02-02T13:43:25.000000Z"}, {"uuid": "c6c2c4fd-edce-4caa-84df-813fff81f3f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/iMM2x3UNTTbD4MOrhR81QbtFwd6wto2bf8z011jSc6ktsqc", "content": "", "creation_timestamp": "2023-02-06T06:05:50.000000Z"}, {"uuid": "7c8b143f-1e2b-4282-9a90-2ac8b76b8ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/psNrPCLGRgRxWvJUXe6PzXSn-7B8yrdrg7z2vX8JTkP0jmc", "content": "", "creation_timestamp": "2025-06-05T03:00:05.000000Z"}, {"uuid": "1627bcc7-6859-42d3-8206-7aa05e3bfb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/wgpfP3OAeLzqKxg7og5RZ0T8vV03o_xu5bEkLe-WWQnH", "content": "", "creation_timestamp": "2023-10-22T23:57:47.000000Z"}, {"uuid": "0686a832-193c-4f05-bf84-885ce4cee893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/KhC0uve1HmTeEvhqwksyMX2W11OeXpJ6qbMRuV3YPv3O", "content": "", "creation_timestamp": "2023-10-22T23:51:34.000000Z"}, {"uuid": "3c1397da-0651-48e9-85e1-c5f77602fc67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/pqI3z7mdKPBC2SicqREefaq4bONYt_czMUA0dF7ooh4UXhw", "content": "", "creation_timestamp": "2023-02-02T21:27:26.000000Z"}, {"uuid": "0672e31d-8d8e-4e40-bdf1-ac7a57f2d282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://t.me/OnlineHacKingX/49", "content": "\ud83e\uddd9\u200d\u2642\ufe0f CVE-2022-44268 - a vulnerability in ImageMagick that could lead to an arbitrary file read.\n\n\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\u2665\ufe0f Channel - @KaliLinux_Hacker \ud83c\udfee\n\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501", "creation_timestamp": "2023-06-11T16:56:36.000000Z"}, {"uuid": "6b6ec0cf-c278-45d6-b0fc-aa7ec2675961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/NEH04jZVzMC7Uhxr7pU4j07tdvi6Ol2J8-O3cMbMxBrnZ3Q", "content": "", "creation_timestamp": "2023-02-06T06:03:12.000000Z"}, {"uuid": "a1e96c2a-6f05-4529-b680-3377b7a8c891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://t.me/arpsyndicate/603", "content": "#ExploitObserverAlert\n\nCVE-2022-44268\n\nDESCRIPTION: Exploit Observer has 62 entries related to CVE-2022-44268. ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).\n\nFIRST-EPSS: 0.013800000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-11-27T22:42:33.000000Z"}, {"uuid": "74b92f4d-bc99-4152-b069-d8fb741cceb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/1381", "content": "", "creation_timestamp": "2023-02-07T15:48:25.000000Z"}, {"uuid": "0b6178db-645a-459d-b2ba-f53297bc935c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/1379", "content": "CVE-2022-44268\nArbitrary File Read PoC - PNG generator", "creation_timestamp": "2023-02-07T15:48:25.000000Z"}, {"uuid": "a9c1ee4a-eabd-49bb-ade6-e7bce6ecb549", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2615", "content": "CVE-2022-44268 ImageMagick Arbitrary File Read \n\nhttps://www.metabaseq.com/imagemagick-zero-days/", "creation_timestamp": "2023-03-21T09:10:37.000000Z"}, {"uuid": "06b1cd49-61a1-41a8-84fd-1b42a028e5dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/ircuBAsHFXcjmvku-nAin4kK5CanHcLKNXjEFaHFZbXDYyY", "content": "", "creation_timestamp": "2023-02-16T07:22:06.000000Z"}, {"uuid": "3c24d345-043b-47e6-bb11-44aa3373e308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1367", "content": "CVE-2022-44268\nArbitrary File Read PoC - PNG generator\nPoC", "creation_timestamp": "2023-02-06T14:22:44.000000Z"}, {"uuid": "8cadf97a-2a0e-456a-8317-d5ec0dd362f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://t.me/proxy_bar/1355", "content": "\u042f \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0441\u0442\u0430\u0432\u043b\u044e \u044d\u0442\u043e \u0437\u0434\u0435\u0441\u044c - \u042b\u0422\u042c \nCVE-2022-44268 POC", "creation_timestamp": "2023-02-02T21:05:59.000000Z"}, {"uuid": "1141514d-2c1f-4772-ad7d-359b9b2a8315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://t.me/thehackernews/3011", "content": "Researchers discover new vulnerabilities in the ImageMagick image processing program that could lead to DoS (CVE-2022-44267) or arbitrary remote file leaks (CVE-2022-44268).\n\nhttps://thehackernews.com/2023/02/researchers-uncover-new-bugs-in-popular.html", "creation_timestamp": "2023-02-01T21:03:53.000000Z"}, {"uuid": "8c3e1d5b-8a27-40d8-a254-7519eaf07daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "https://t.me/cibsecurity/57631", "content": "\u203c CVE-2022-44268 \u203c\n\nImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T00:23:40.000000Z"}, {"uuid": "4b7c5195-d33c-486e-99a6-a677124386db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7026", "content": "A PoC for the CVE-2022-44268 - ImageMagick arbitrary file read \nhttps://github.com/voidz0r/CVE-2022-44268", "creation_timestamp": "2023-02-06T06:18:56.000000Z"}, {"uuid": "5f99c62c-f1c0-479b-9963-7bbb9797d756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/club31337/1474", "content": "https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC", "creation_timestamp": "2024-11-11T00:20:31.000000Z"}, {"uuid": "ef32810c-1ed2-488d-b04f-29b286c3f800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7706", "content": "#exploit\n1. CVE-2022-44268:\nImageMagick arbitrary file read\nhttps://github.com/Vulnmachines/imagemagick-CVE-2022-44268\n\n2. CVE-2023-22855:\nKardex Control Center Exploit\nhttps://github.com/patrickhener/CVE-2023-22855\n\n3. CVE-2023-23333:\nCI vulnerability in SolarView Compact <6.00\nhttps://github.com/Timorlover/CVE-2023-23333", "creation_timestamp": "2023-02-07T11:01:01.000000Z"}, {"uuid": "e32cd30a-97ed-43f0-8ae1-89c9dc91ab97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "Telegram/WOvwLGjo5xrr1_QZTyzzbYxZLR_ElEyQpL3FgO1J0vxdRJo", "content": "", "creation_timestamp": "2023-02-02T15:43:37.000000Z"}, {"uuid": "39059549-0c3c-4da5-b0f1-34acb1722612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7989", "content": "#Threat_Research\n1. Clipchamp (MS Office Product) ATO - Google IAP AuthZ bypass\nhttps://blog.agilehunt.com/blogs/security/msrc-critical-google-iap-authorization-bypass-allows-access-to-internal-envirnment-leading-to-zero-interaction-account-takeover\n2. H1 Arbitrary Remote Leak via ImageMagick (CVE-2022-44268)\nhttps://www.metabaseq.com/imagemagick-zero-days\n]-> https://hackerone.com/reports/1858574", "creation_timestamp": "2023-03-25T13:38:49.000000Z"}, {"uuid": "83d9a793-00e5-4751-b042-83630ac5cd40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44268", "type": "seen", "source": "Telegram/gT5_rH6SbQjCDL5CnTfdxn2Fj6qxX4lRf2Kzqc0ICHxoeYM", "content": "", "creation_timestamp": "2023-04-02T20:32:57.000000Z"}]}