Denial of Service Vulnerability in ImageMagick Affects Multiple Versions
CVE-2022-2719

5.5MEDIUM

Key Information:

Vendor: Fedoraproject
Status: Imagemagick
Vendor: CVE Published:; 10 August 2022

Summary

A vulnerability exists in ImageMagick where a crafted file may result in an assertion failure during the WriteImages operation. This occurs due to a NULL image list, potentially resulting in service disruptions. Users are advised to update to ImageMagick version 7.1.0-30 or later to mitigate this issue.

Affected Version(s)

ImageMagick ImageMagick versions before 7.1.0-30

References

https://bugzilla.redhat.com/show_bug.cgi?id=2116537

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Aug 8, 2022