CVE-2022-1270: Improper Restriction of Operations within the Bounds of a Memory Buffer in GraphicsMagick

Severity
NVD: 7.8 HIGH
OSV: 6.5
EPSS: 0.1% (top 84.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 28
Latest update: Mar 27

Description

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

Debian: graphicsmagick/graphicsmagick < 1.4+really1.3.36+hg16481-2+deb11u1+3
Ubuntu: graphicsmagick/graphicsmagick < 1.4+really1.3.35-1ubuntu0.1+3
CVEListV5: graphicsmagick/graphicsmagick GraphicsMagick-1.4.020220326

Also affects: Debian Linux 10.0, 11.0

🔴 Vulnerability Details (4)

OSV: graphicsmagick vulnerabilities (2023-03-27)
GHSA: GHSA-95x6-vp26-h77r: In GraphicsMagick, a heap buffer overflow was found when parsing MIFF (2022-09-29)
OSV: CVE-2022-1270: In GraphicsMagick, a heap buffer overflow was found when parsing MIFF (2022-09-28)
CVEList: CVE-2022-1270: In GraphicsMagick, a heap buffer overflow was found when parsing MIFF (2022-09-28)

📋 Vendor Advisories (2)

Ubuntu: GraphicsMagick vulnerabilities (2023-03-27)
Debian: CVE-2022-1270: graphicsmagick - In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (2022)