CVE-2022-32546Integer Overflow or Wraparound in Imagemagick

CWE-190Integer Overflow or Wraparound22 documents7 sources
Severity
7.8HIGHNVD
NVD5.5OSV5.5
EPSS
0.1%
top 68.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
ImagemagickDebian LinuxFedoraproject Extra Packages FOR Enterprise Linux+2 more
Timeline
PublishedJun 16
Latest updateJul 25

Description

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDimagemagick/imagemagick7.1.07.1.0-29+2
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+7
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+11
CVEListV5imagemagick/imagemagickFixed in ImageMagick 6.9.12-44, ImageMagick 7.1.0-29, ImageMagick-6.7+1

Also affects: Debian Linux 10.0, Fedora 36, 37, 38, Enterprise Linux 6.0, 7.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

11
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
GHSA
GHSA-cm6m-2vvh-cxc6: A vulnerability was found in ImageMagick2023-05-31
CVEList
CVE-2023-34151: A vulnerability was found in ImageMagick2023-05-30
OSV
CVE-2023-34151: A vulnerability was found in ImageMagick2023-05-30

📋Vendor Advisories

9
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Red Hat
ImageMagick: Undefined behaviors of casting double to size_t in svg, mvg and other coders2023-05-29
Debian
CVE-2023-34151: imagemagick - A vulnerability was found in ImageMagick. This security flaw ouccers as an undef...2023
Ubuntu
ImageMagick vulnerabilities2022-11-24
CVE-2022-32546 — Integer Overflow or Wraparound | cvebase