CVE-2022-0284 — Out-of-bounds Read in Imagemagick

CWE-125 — Out-of-bounds Read5 documents5 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 88.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedAug 29

Latest updateNov 6

Description

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDimagemagick/imagemagick< 7.1.0-20

▶debiandebian/imagemagick

▶CVEListV5imagemagick/imagemagickFixed in ImageMagick-7.1.0-20

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-6pvw-f57p-4vww: A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor↗2022-08-29

▶

📋Vendor Advisories

Red Hat

ImageMagick: Heap buffer overread in GetPixelAlpha() declared in MagickCore/pixel-accessor.h↗2022-01-18

▶

Debian

CVE-2022-0284: imagemagick - A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() fu...↗2022

▶

📄Research Papers

arXiv

Specification-Guided Vulnerability Detection with Large Language Models↗2025-11-06

▶