CVE-2022-32545Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound16 documents7 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.1%
top 71.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ImagemagickFedoraproject Extra Packages FOR Enterprise LinuxFedoraproject Fedora+1 more
Timeline
PublishedJun 16
Latest updateJul 25

Description

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDimagemagick/imagemagick7.1.07.1.0-28+1
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+11
CVEListV5imagemagick/imagemagickFixed in ImageMagick 6.9.12-43, ImageMagick 7.1.0-28

Also affects: Fedora 36, Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

8
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-07-26

📋Vendor Advisories

7
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-07-26
CVE-2022-32545 — Integer Overflow or Wraparound | cvebase