CVE-2022-44267
Published 2023-02-06
Priority: P357 medium · CVSS 3.1: 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 76.58% (99.5th percentile)
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.6 (bookworm) | imagemagick 8:6.9.11.60+dfsg-1.6 (bookworm) |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u1 | 8:6.9.11.60+dfsg-1.3+deb11u1 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6 | 8:6.9.11.60+dfsg-1.6 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6 | 8:6.9.11.60+dfsg-1.6 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6 | 8:6.9.11.60+dfsg-1.6 |
Detection & IOCs
- Monitor ImageMagick 'convert' processes that hang indefinitely (blocking on stdin) when processing user-supplied PNG files; this is the observable DoS symptom.
- Beyond DoS, the same vector may allow arbitrary file content disclosure by embedding filenames of local files in the PNG text chunk, causing ImageMagick to read and include them into output images.
- The vulnerability affects ImageMagick 7.1.0-49 specifically; patched Debian packages are available (fixed in 8:6.9.11.60+dfsg-1.6 for bookworm/sid/trixie/forky and 8:6.9.11.60+dfsg-1.3+deb11u1 for bullseye). Red Hat Enterprise Linux 6 and 7 packages are out of support scope.
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2023-04-17
CVE-2022-44267 ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the
corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2023-03-15
CVE-2022-44267 ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
USN-5855-1 fixed a vulnerability in ImageMagick. This update provides
the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
22.10.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2023-02-09
CVE-2022-44268 ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ImageMagick: Denial of Service when it parses a PNG image
vendor_redhat·2023-02-06·CVSS 6.5
CVE-2022-44267 [MEDIUM] CWE-20 ImageMagick: Denial of Service when it parses a PNG image
ImageMagick: Denial of Service when it parses a PNG image
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The site would then parse the image, and ImageMagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conve
Debian
CVE-2022-44267: imagemagick - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG im...
vendor_debian·2022·CVSS 6.5
CVE-2022-44267 [MEDIUM] CVE-2022-44267: imagemagick - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG im...
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u1)
forky: resolved (fixed in 8:6.9.11.60+dfsg-1.6)
sid: resolved (fixed in 8:6.9.11.60+dfsg-1.6)
trixie: resolved (fixed in 8:6.9.11.60+dfsg-1.6)
OSV
CVE-2022-44267: ImageMagick 7
osv·2023-02-06·CVSS 6.5
CVE-2022-44267 [MEDIUM] CVE-2022-44267: ImageMagick 7
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
GHSA
GHSA-78w3-m2fr-9r73: ImageMagick 7
ghsa_unreviewed·2023-02-06
CVE-2022-44267 [MEDIUM] CWE-404 GHSA-78w3-m2fr-9r73: ImageMagick 7
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Suricata
ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)
suricata·2023-02-05·CVSS 6.5
CVE-2022-44267 [MEDIUM] ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)
ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)"; flow:established,to_client; file.data; content:"|89|PNG"; content:"profile|00 2d|"; within:256; fast_pattern; reference:cve,2022-44267; classtype:attempted-dos; sid:2044119; rev:2; metadata:attack_target Server, created_at 2023_02_05, cve CVE_2022_44267, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)
suricata·2023-02-05·CVSS 6.5
CVE-2022-44267 [MEDIUM] ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)
ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"|89|PNG"; content:"profile|00 2d|"; within:256; fast_pattern; reference:cve,2022-44267; classtype:attempted-dos; sid:2044118; rev:2; metadata:attack_target Server, created_at 2023_02_05, cve CVE_2022_44267, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_03_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
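Both Suricata rules above match the bytes `profile|00 2d|` near the PNG signature. The same check can be made structurally before an upload reaches ImageMagick; the following is an added example (not code from this page or from any vendor) that walks the PNG chunk list and reports `tEXt` chunks whose keyword is `profile`. The function names and sample bytes are constructed here; comparing the keyword case-insensitively and looking only at `tEXt` (not `zTXt`/`iTXt`) are assumptions.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (chunk_type, payload) pairs; raise ValueError on malformed input."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # header + payload + CRC
        if end > len(data):
            raise ValueError("chunk length runs past end of file")
        yield ctype, data[pos + 8:pos + 8 + length]
        if ctype == b"IEND":
            return
        pos = end

def find_profile_text(data):
    """Return [(text, verdict)] for each tEXt chunk whose keyword is 'profile'.
    verdict: 'stdin' for a single dash (the hang described for CVE-2022-44267),
    'path' for any other value (the file-read variant the page mentions).
    """
    findings = []
    for ctype, payload in iter_chunks(data):
        if ctype != b"tEXt":
            continue
        keyword, sep, text = payload.partition(b"\x00")
        # Assumption: compare case-insensitively; the rule matches lowercase.
        if sep and keyword.lower() == b"profile":
            verdict = "stdin" if text == b"-" else "path"
            findings.append((text.decode("latin-1"), verdict))
    return findings

def make_chunk(ctype, payload):
    """Build one chunk (length, type, payload, CRC) for the constructed samples."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed samples: chunk streams only, not decodable images.
SAMPLE_FLAGGED = PNG_SIGNATURE + make_chunk(b"tEXt", b"profile\x00-") + make_chunk(b"IEND", b"")
SAMPLE_CLEAN = PNG_SIGNATURE + make_chunk(b"tEXt", b"Comment\x00holiday photo") + make_chunk(b"IEND", b"")

if __name__ == "__main__":
    print(find_profile_text(SAMPLE_FLAGGED), find_profile_text(SAMPLE_CLEAN))
```

A non-empty result is a reason to reject or quarantine the upload; a `ValueError` means the file is not a well-formed PNG and should not be passed to the converter either.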
No writeups or analysis indexed.
https://imagemagick.org/
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://www.debian.org/security/2023/dsa-5347
https://www.metabaseq.com/imagemagick-zero-days/
Published: 2023-02-06