CVE-2022-1114 — Use After Free in Imagemagick

CWE-416 — Use After Free9 documents6 sources

Severity

7.1HIGHNVD

OSV5.5

EPSS

0.1%

top 74.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedApr 29

Latest updateNov 24

Description

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)

▶NVDimagemagick/imagemagick6.0 — 6.9.12-43+1

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3

▶Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+4

▶CVEListV5imagemagick/imagemagickImageMagick6 v6.9.12-43, ImageMagick7 v7.1.0-28

🔴Vulnerability Details

OSV

imagemagick vulnerabilities↗2022-11-24

▶

OSV

imagemagick vulnerabilities↗2022-11-24

▶

GHSA

GHSA-rhcm-mpjw-m6hf: A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm↗2022-04-30

▶

OSV

CVE-2022-1114: A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm↗2022-04-29

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶

Ubuntu

ImageMagick vulnerabilities↗2022-11-24

▶

Red Hat

ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c↗2022-03-16

▶

Debian

CVE-2022-1114: imagemagick - A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() functi...↗2022

▶