#VU72079 Resource management error in ImageMagick - CVE-2022-44267

 


Published: February 9, 2023 / Updated: October 25, 2024


Vulnerability identifier: #VU72079
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2022-44267
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
ImageMagick
Software vendor:
ImageMagick.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when performing operations on crafted PNG images. A remote attacker can pass a specially crafted PNG image to the application and force it to wait indefinitely for input on stdin, consuming system resources.


Remediation

Install updates from the vendor's website.
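
Until the update is deployed, a service that shells out to an image converter can limit the effect of a process blocked on stdin by giving it a stdin that is already at EOF and a wall-clock limit. The wrapper below is an added example, not code from this advisory or from ImageMagick; the name `run_bounded`, the 10-second default and the stand-in child commands are assumptions made for illustration (POSIX only).

```python
import os
import signal
import subprocess
import sys


def run_bounded(argv, timeout_s=10.0):
    """Run argv with stdin at EOF and a wall-clock limit (hypothetical helper).

    Returns (status, returncode); status is "ok", "failed" or "timeout".
    """
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,    # a read from stdin returns EOF immediately
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        start_new_session=True,      # own process group, so helper processes die too
    )
    try:
        rc = proc.wait(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # The child leads its own session, so its process group id equals its pid.
        os.killpg(proc.pid, signal.SIGKILL)
        proc.wait()                  # reap the child so no zombie is left behind
        return ("timeout", None)
    return ("ok" if rc == 0 else "failed", rc)


if __name__ == "__main__":
    # Constructed stand-ins for an image converter, so this runs without ImageMagick.
    reads_stdin = [sys.executable, "-c", "import sys; sys.stdin.read()"]
    hangs = [sys.executable, "-c", "import time; time.sleep(60)"]
    print(run_bounded(reads_stdin))            # child sees EOF and exits
    print(run_bounded(hangs, timeout_s=1.0))   # child is killed after 1 second
```

In a service, the converter command line (input and output paths chosen by the service, never by the uploader) takes the place of the stand-in commands. This bounds resource use per request and complements the vendor update.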

External links