CVE-2022-32546
Published 2022-06-16
High·7.8·CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) | imagemagick 8:6.9.11.60+dfsg-1.6+deb12u1 (bookworm) |
| debian | imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) | imagemagick 8:6.9.11.60+dfsg-1.5 (bookworm) |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| imagemagick | imagemagick | < 6.9.12-44 | 6.9.12-44 |
| imagemagick | imagemagick | < 7.1.1-11 | 7.1.1-11 |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u2 | 8:6.9.11.60+dfsg-1.3+deb11u2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u3 | 8:6.9.11.60+dfsg-1.3+deb11u3 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.5 | 8:6.9.11.60+dfsg-1.5 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6+deb12u1 | 8:6.9.11.60+dfsg-1.6+deb12u1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.5 | 8:6.9.11.60+dfsg-1.5 |
| imagemagick | imagemagick | >= 0 < 8:6.9.12.98+dfsg1-2 | 8:6.9.12.98+dfsg1-2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.5 | 8:6.9.11.60+dfsg-1.5 |
| imagemagick | imagemagick | >= 0 < 8:6.9.12.98+dfsg1-2 | 8:6.9.12.98+dfsg1-2 |
| imagemagick | imagemagick | >= 0 < 8:6.9.7.4+dfsg-16ubuntu6.14 | 8:6.9.7.4+dfsg-16ubuntu6.14 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.9 | 8:6.9.10.23+dfsg-2.1ubuntu11.9 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.10 | 8:6.9.10.23+dfsg-2.1ubuntu11.10 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 |
| imagemagick | imagemagick | >= 0 < 8:6.7.7.10-6ubuntu3.13+esm3 | 8:6.7.7.10-6ubuntu3.13+esm3 |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.16+esm4 | 8:6.8.9.9-7ubuntu5.16+esm4 |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.16+esm8 | 8:6.8.9.9-7ubuntu5.16+esm8 |
CVSS provenance
nvd·v3.1·7.8·HIGH·CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv·7.8·HIGH
OSV
imagemagick vulnerabilities
osv·2024-07-25·CVSS 7.8
[HIGH] imagemagick vulnerabilities
USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were
incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the
problem.
Original advisory details:
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affec
OSV
imagemagick vulnerabilities
osv·2023-07-04·CVSS 7.8
CVE-2020-29599 [HIGH] imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick we
GHSA
GHSA-cm6m-2vvh-cxc6: A vulnerability was found in ImageMagick
ghsa_unreviewed·2023-05-31·CVSS 7.8
CVE-2023-34151 [HIGH] CWE-190 GHSA-cm6m-2vvh-cxc6: A vulnerability was found in ImageMagick
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
OSV
CVE-2023-34151: A vulnerability was found in ImageMagick
osv·2023-05-30·CVSS 7.8
CVE-2023-34151 [HIGH] CVE-2023-34151: A vulnerability was found in ImageMagick
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
OSV
imagemagick vulnerabilities
osv·2022-11-24·CVSS 5.5
CVE-2021-20224 [MEDIUM] imagemagick vulnerabilities
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the
corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the
issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while
CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only
affected Ubuntu 22.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
val
OSV
imagemagick vulnerabilities
osv·2022-11-24·CVSS 5.5
CVE-2021-20224 [MEDIUM] imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)
Zhang Xiaohui discovered that ImageMagick incorrectly handled ce
OSV
imagemagick vulnerabilities
osv·2022-07-26·CVSS 7.8
CVE-2022-32545 [HIGH] imagemagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain values.
If a user were tricked into processing a specially crafted image file,
an attacker could possibly exploit this issue to cause a denial of service
or other unspecified impact. (CVE-2022-32545, CVE-2022-32546)
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into processing a specially
crafted image file, an attacker could possibly exploit this issue to cause
a denial of service or other unspecified impact. (CVE-2022-32547)
GHSA
GHSA-4r84-8p56-p7xq: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl
ghsa_unreviewed·2022-06-17
CVE-2022-32546 [HIGH] CWE-190 GHSA-4r84-8p56-p7xq: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
OSV
CVE-2022-32546: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl
osv·2022-06-16·CVSS 7.8
CVE-2022-32546 [HIGH] CVE-2022-32546: A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2024-07-25·CVSS 7.8
CVE-2023-1289 [HIGH] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were
incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the
problem.
Original advisory details:
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker co
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2023-07-04·CVSS 7.8
CVE-2023-1289 [HIGH] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled the "-authenticate"
option for password-protected PDF files. An attacker could possibly use
this issue to inject additional shell commands and perform arbitrary code
execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when proce
Red Hat
ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders
vendor_redhat·2023-05-29·CVSS 7.8
CVE-2023-34151 [HIGH] CWE-190 ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
A vulnerability was found in ImageMagick. This issue occurs as an undefined behavior, casting double to size_t in svg, mvg and other coders.
Package: ImageMagick (Red Hat Enterprise Linux 6) - Out of support scope
Package: ImageMagick (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2023-34151: imagemagick - A vulnerability was found in ImageMagick. This security flaw occurs as an undef...
vendor_debian·2023·CVSS 7.8
CVE-2023-34151 [HIGH] CVE-2023-34151: imagemagick - A vulnerability was found in ImageMagick. This security flaw occurs as an undef...
A vulnerability was found in ImageMagick. This security flaw occurs as an undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u1)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u3)
forky: resolved (fixed in 8:6.9.12.98+dfsg1-2)
sid: resolved (fixed in 8:6.9.12.98+dfsg1-2)
trixie: resolved (fixed in 8:6.9.12.98+dfsg1-2)
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2022-11-24·CVSS 5.5
CVE-2021-20313 [MEDIUM] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the
corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the
issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while
CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only
affected Ubuntu 22.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2022-11-24·CVSS 5.5
CVE-2021-20313 [MEDIUM] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled certain values
when processing PDF files. If a user or automated system using ImageMagick
were tricked into opening a specially crafted PDF file, an attacker could
exploit this to cause a denial of service. This issue only affected Ubuntu
14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain
values when processing image data. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could exploit this to cause a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-2024
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2022-07-26·CVSS 7.8
CVE-2022-32546 [HIGH] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled certain values.
If a user were tricked into processing a specially crafted image file,
an attacker could possibly exploit this issue to cause a denial of service
or other unspecified impact. (CVE-2022-32545, CVE-2022-32546)
It was discovered that ImageMagick incorrectly handled memory under
certain circumstances. If a user were tricked into processing a specially
crafted image file, an attacker could possibly exploit this issue to cause
a denial of service or other unspecified impact. (CVE-2022-32547)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
vendor_redhat·2022-03-24·CVSS 7.8
CVE-2022-32546 [HIGH] CWE-190 ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
A vulnerability was found in ImageMagick. When crafted or untrusted input is processed, it causes issues outside the range of representable values of type 'unsigned long' at coders/pcl.c. This issue leads to a negative impact on application availability or other problems related to undefined behavior.
Package: ImageMagick (Red Hat Enterprise Linux 6) - Out of support scope
Package: ImageMagick (Red Hat Ente
Debian
CVE-2022-32546: imagemagick - A vulnerability was found in ImageMagick, causing an outside the range of repres...
vendor_debian·2022·CVSS 7.8
CVE-2022-32546 [HIGH] CVE-2022-32546: imagemagick - A vulnerability was found in ImageMagick, causing an outside the range of repres...
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u2)
forky: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
sid: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
trixie: resolved (fixed in 8:6.9.11.60+dfsg-1.5)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=2091812
https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23
https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html