Heap Buffer Overflow in ImageMagick Affecting Image Conversion
CVE-2022-1115

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 29 August 2022

What is CVE-2022-1115?

A heap-buffer-overflow vulnerability exists in the PushShortPixel() function in ImageMagick's quantum-private.h file. The flaw is triggered when an attacker supplies a specially crafted TIFF image file to a conversion operation, and it can lead to a denial of service, affecting application stability and security. Users are advised to update their ImageMagick installations and implement security measures to mitigate the risks associated with this flaw.

Affected Version(s)

ImageMagick: fixed in ImageMagick6 v6.9.12-44 and ImageMagick7 v7.1.0-29

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
