cvelistv5 - cve-2022-48541

CVE-2022-48541 (GCVE-0-2022-48541)

Vulnerability from cvelistv5

Published

2023-08-22 00:00

Modified

2025-11-04 18:14

Severity ?

CWE

Summary

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

wid-sec-w-2023-2185

Vulnerability from csaf_certbund

Published

2023-08-27 22:00

Modified

2024-03-19 23:00

Summary

ImageMagick: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows - iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows\n- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2185 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2185.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2185 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2185"
      },
      {
        "category": "external",
        "summary": "ImageMagick Security Notification vom 2023-08-27",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48541"
      },
      {
        "category": "external",
        "summary": "ImageMagick Security Notification vom 2023-08-27",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40211"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2239 vom 2023-09-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2239.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2240 vom 2023-09-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2240.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2251 vom 2023-09-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2251.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6393-1 vom 2023-09-21",
        "url": "https://ubuntu.com/security/notices/USN-6393-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1831 vom 2023-09-26",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1831.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5461 vom 2023-10-05",
        "url": "https://linux.oracle.com/errata/ELSA-2023-5461.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5461 vom 2023-10-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:5461"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-D23B0F5E76 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d23b0f5e76"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-B695F01221 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b695f01221"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-6F8C1D9005 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-6f8c1d9005"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-32CE2217E7 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-32ce2217e7"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2023:5461 vom 2024-01-17",
        "url": "https://lists.centos.org/pipermail/centos-announce/2024-January/099209.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3767 vom 2024-03-20",
        "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
      }
    ],
    "source_lang": "en-US",
    "title": "ImageMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-03-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:42.383+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2185",
      "initial_release_date": "2023-08-27T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-27T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-09-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-09-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-09-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-10-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2023-10-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Referenz(en) aufgenommen: 2235480"
        },
        {
          "date": "2024-01-15T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-01-17T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.9.11-22",
                "product": {
                  "name": "Open Source ImageMagick 6.9.11-22",
                  "product_id": "T029573",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:6.9.11-22"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.0.10-45",
                "product": {
                  "name": "Open Source ImageMagick 7.0.10-45",
                  "product_id": "T029574",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:7.0.10-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.1.0-4",
                "product": {
                  "name": "Open Source ImageMagick 7.1.0-4",
                  "product_id": "T029575",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:7.1.0-4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ImageMagick"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-40211",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in ImageMagick. Dieser Fehler besteht in der Funktion ReadEnhMetaFile von coders/emf.c aufgrund eines Divide By Zero. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "T000126",
          "398363",
          "1727",
          "T004914",
          "74185",
          "T029575"
        ]
      },
      "release_date": "2023-08-27T22:00:00.000+00:00",
      "title": "CVE-2021-40211"
    },
    {
      "cve": "CVE-2022-48541",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in ImageMagick. Dieser Fehler besteht in der Komponente Identify Help Command Handler aufgrund einer fehlenden Freigabe von Speicher nach der effektiven Lebensdauer. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029574",
          "T029573",
          "2951",
          "67646",
          "T000126",
          "398363",
          "1727",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2023-08-27T22:00:00.000+00:00",
      "title": "CVE-2022-48541"
    }
  ]
}

WID-SEC-W-2023-2185

Vulnerability from csaf_certbund

Published

2023-08-27 22:00

Modified

2024-03-19 23:00

Summary

ImageMagick: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Produktbeschreibung

ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows - iPhoneOS

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ImageMagick ist eine Sammlung von Programmbibliotheken und Werkzeugen, die Grafiken in zahlreichen Formaten verarbeiten kann.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows\n- iPhoneOS",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2185 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2185.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2185 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2185"
      },
      {
        "category": "external",
        "summary": "ImageMagick Security Notification vom 2023-08-27",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48541"
      },
      {
        "category": "external",
        "summary": "ImageMagick Security Notification vom 2023-08-27",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40211"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2239 vom 2023-09-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2239.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2240 vom 2023-09-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2240.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2023-2251 vom 2023-09-21",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2251.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6393-1 vom 2023-09-21",
        "url": "https://ubuntu.com/security/notices/USN-6393-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1831 vom 2023-09-26",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1831.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5461 vom 2023-10-05",
        "url": "https://linux.oracle.com/errata/ELSA-2023-5461.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5461 vom 2023-10-05",
        "url": "https://access.redhat.com/errata/RHSA-2023:5461"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-D23B0F5E76 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-d23b0f5e76"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-B695F01221 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b695f01221"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-6F8C1D9005 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-6f8c1d9005"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-32CE2217E7 vom 2024-01-15",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-32ce2217e7"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2023:5461 vom 2024-01-17",
        "url": "https://lists.centos.org/pipermail/centos-announce/2024-January/099209.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3767 vom 2024-03-20",
        "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
      }
    ],
    "source_lang": "en-US",
    "title": "ImageMagick: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-03-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:42.383+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2185",
      "initial_release_date": "2023-08-27T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-27T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-09-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-09-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-09-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-09-25T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-10-05T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2023-10-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Referenz(en) aufgenommen: 2235480"
        },
        {
          "date": "2024-01-15T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-01-17T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.9.11-22",
                "product": {
                  "name": "Open Source ImageMagick 6.9.11-22",
                  "product_id": "T029573",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:6.9.11-22"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.0.10-45",
                "product": {
                  "name": "Open Source ImageMagick 7.0.10-45",
                  "product_id": "T029574",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:7.0.10-45"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.1.0-4",
                "product": {
                  "name": "Open Source ImageMagick 7.1.0-4",
                  "product_id": "T029575",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:imagemagick:imagemagick:7.1.0-4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ImageMagick"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-40211",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in ImageMagick. Dieser Fehler besteht in der Funktion ReadEnhMetaFile von coders/emf.c aufgrund eines Divide By Zero. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "T000126",
          "398363",
          "1727",
          "T004914",
          "74185",
          "T029575"
        ]
      },
      "release_date": "2023-08-27T22:00:00.000+00:00",
      "title": "CVE-2021-40211"
    },
    {
      "cve": "CVE-2022-48541",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in ImageMagick. Dieser Fehler besteht in der Komponente Identify Help Command Handler aufgrund einer fehlenden Freigabe von Speicher nach der effektiven Lebensdauer. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029574",
          "T029573",
          "2951",
          "67646",
          "T000126",
          "398363",
          "1727",
          "T004914",
          "74185"
        ]
      },
      "release_date": "2023-08-27T22:00:00.000+00:00",
      "title": "CVE-2022-48541"
    }
  ]
}

fkie_cve-2022-48541

Vulnerability from fkie_nvd

Published

2023-08-22 19:16

Modified

2025-11-04 19:15

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Summary

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

References

URL	Tags
cve@mitre.org	https://github.com/ImageMagick/ImageMagick/issues/2889	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/	Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ImageMagick/ImageMagick/issues/2889	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/

Impacted products

Vendor	Product	Version
imagemagick	imagemagick	6.9.11-22
imagemagick	imagemagick	7.0.10-45
fedoraproject	fedora	38
fedoraproject	fedora	39

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:6.9.11-22:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5EDF13D-9DE8-4890-82CD-E6977434E531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.10-45:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1BCBD9-F6D7-4FFA-9E4D-4DA0D4295CA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command."
    },
    {
      "lang": "es",
      "value": "Una p\u00e9rdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegaci\u00f3n de servicio mediante el comando \"identify -help\"."
    }
  ],
  "id": "CVE-2022-48541",
  "lastModified": "2025-11-04T19:15:41.277",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-22T19:16:31.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/ImageMagick/ImageMagick/issues/2889"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://github.com/ImageMagick/ImageMagick/issues/2889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-g5fw-9pgg-xvqg

Vulnerability from github

Published

2023-08-22 21:30

Modified

2025-11-04 21:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-48541"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:31Z",
    "severity": "HIGH"
  },
  "details": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command.",
  "id": "GHSA-g5fw-9pgg-xvqg",
  "modified": "2025-11-04T21:30:38Z",
  "published": "2023-08-22T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48541"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/2889"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2022-48541

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.

Aliases

CVE-2022-48541

Aliases

CVE-2022-48541

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-48541",
    "id": "GSD-2022-48541"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-48541"
      ],
      "details": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command.",
      "id": "GSD-2022-48541",
      "modified": "2023-12-13T01:19:25.879506Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-48541",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/ImageMagick/ImageMagick/issues/2889",
            "refsource": "MISC",
            "url": "https://github.com/ImageMagick/ImageMagick/issues/2889"
          },
          {
            "name": "FEDORA-2024-6f8c1d9005",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
          },
          {
            "name": "FEDORA-2024-d23b0f5e76",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
          },
          {
            "name": "[debian-lts-announce] 20240320 [SECURITY] [DLA 3767-1] imagemagick security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:imagemagick:imagemagick:6.9.11-22:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C5EDF13D-9DE8-4890-82CD-E6977434E531",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.10-45:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B1BCBD9-F6D7-4FFA-9E4D-4DA0D4295CA8",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the \"identify -help\" command."
          },
          {
            "lang": "es",
            "value": "Una p\u00e9rdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegaci\u00f3n de servicio mediante el comando \"identify -help\"."
          }
        ],
        "id": "CVE-2022-48541",
        "lastModified": "2024-03-20T10:15:08.733",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 4.2,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-08-22T19:16:31.443",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://github.com/ImageMagick/ImageMagick/issues/2889"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-401"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-48541 (GCVE-0-2022-48541)

Vulnerability from cvelistv5

wid-sec-w-2023-2185

Vulnerability from csaf_certbund

WID-SEC-W-2023-2185

Vulnerability from csaf_certbund

fkie_cve-2022-48541

Vulnerability from fkie_nvd

ghsa-g5fw-9pgg-xvqg

Vulnerability from github

gsd-2022-48541

Vulnerability from gsd

Tags

Sightings

Nomenclature