CVE-2022-28463: Classic Buffer Overflow in ImageMagick

Severity: 7.8 HIGH (NVD), 5.5 (OSV)
EPSS: 0.1% (top 67.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 8; latest update Jul 25

Description

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

debian: debian/imagemagick, < imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm)
NVD: imagemagick/imagemagick, 6.9.4-0 to 6.9.12-44 (+1)
Debian: imagemagick/imagemagick, < 8:6.9.11.60+dfsg-1.3+deb11u2 (+3)
Ubuntu: imagemagick/imagemagick, < 8:6.9.7.4+dfsg-16ubuntu6.14 (+10)

Also affects: Debian Linux 10.0, 9.0

Patches

Vulnerability Details (6)

OSV: imagemagick vulnerabilities (2024-07-25)
OSV: imagemagick vulnerabilities (2023-07-04)
OSV: imagemagick vulnerabilities (2022-11-24)
OSV: imagemagick vulnerabilities (2022-11-24)
GHSA: GHSA-qw7q-8xqj-844w: ImageMagick 7 (2022-05-10)

Vendor Advisories (7)

Ubuntu: ImageMagick vulnerabilities (2024-07-25)
Ubuntu: ImageMagick vulnerabilities (2023-07-04)
Ubuntu: ImageMagick vulnerabilities (2022-11-24)
Ubuntu: ImageMagick vulnerabilities (2022-11-24)
Ubuntu: ImageMagick vulnerability (2022-06-01)