Vulnerabilities > CVE-2022-1114 - Use After Free vulnerability in Imagemagick

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
PARTIAL
network
imagemagick
CWE-416
NVD
Published: 2022-04-29
Updated: 2022-05-11

Summary

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Vulnerable Configurations

Part Description Count
Application
Imagemagick
1392

Common Weakness Enumeration (CWE)

References