Vulnerabilities > CVE-2022-44268 - Unspecified vulnerability in Imagemagick 7.1.049

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

imagemagick

NVD

Published: 2023-02-06

Updated: 2023-11-07

Summary

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Vulnerable Configurations

Part	Description	Count
Application	Imagemagick Imagemagick Imagemagick 7.1.0-49	1

References

https://imagemagick.org/
https://www.metabaseq.com/imagemagick-zero-days/
https://www.debian.org/security/2023/dsa-5347
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/