Vulnerabilities > CVE-2022-32547 - Incorrect Type Conversion or Cast vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2091813
- https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b
- https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0
- https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html