Vulnerability in ImageMagick Affects Application Availability
CVE-2022-32546

7.8HIGH

Key Information:

Vendor: Imagemagick
Status: Imagemagick
Vendor: CVE Published:; 16 June 2022

Summary

A flaw in ImageMagick allows for untrusted input to cause an out-of-range condition for the 'unsigned long' type, leading to potential disruptions in application availability and undefined behaviors. This vulnerability highlights the importance of robust input validation in software processing.

Affected Version(s)

ImageMagick Fixed in ImageMagick 6.9.12-44, ImageMagick 7.1.0-29

References

https://bugzilla.redhat.com/show_bug.cgi?id=2091812

https://github.com/ImageMagick/ImageMagick/commit/f221ea0...

https://github.com/ImageMagick/ImageMagick6/commit/29c8ab...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2022
Vulnerability Reserved
Jun 8, 2022