CVE-2022-32547Incorrect Type Conversion or Cast in Imagemagick

CWE-704Incorrect Type Conversion or CastCWE-681Incorrect Conversion between Numeric Types16 documents7 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.1%
top 71.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ImagemagickFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedJun 16
Latest updateJul 25

Description

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDimagemagick/imagemagick7.1.0-07.1.0-30+1
Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u2+3
Ubuntuimagemagick/imagemagick< 8:6.9.7.4+dfsg-16ubuntu6.14+11
CVEListV5imagemagick/imagemagickFixed in ImageMagick 6.9.12-45, ImageMagick 7.1.0-30

Also affects: Fedora 36, Enterprise Linux 6.0, 7.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: github.com

🔴Vulnerability Details

8
OSV
imagemagick vulnerabilities2024-07-25
OSV
imagemagick vulnerabilities2023-07-04
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-11-24
OSV
imagemagick vulnerabilities2022-07-26

📋Vendor Advisories

7
Ubuntu
ImageMagick vulnerabilities2024-07-25
Ubuntu
ImageMagick vulnerabilities2023-07-04
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-11-24
Ubuntu
ImageMagick vulnerabilities2022-07-26
CVE-2022-32547 — Incorrect Type Conversion or Cast | cvebase