#VU64949 Type conversion


Published: 2022-07-06 | Updated: 2022-07-06

Vulnerability identifier: #VU64949

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-32547

CWE-ID: CWE-704

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ImageMagick
Client/Desktop applications / Multimedia software

Vendor: ImageMagick.org

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a load of misaligned address for type 'double' in MagickCore/property.c. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ImageMagick: 7.1.0-0 - 7.1.0-29, 6.9.12-0 - 6.9.12-44


CPE

External links
http://bugzilla.redhat.com/show_bug.cgi?id=2091813
http://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
http://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability