Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-44267 — Improper Resource Shutdown or Release in Imagemagick

CWE-404 — Improper Resource Shutdown or Release CWE-20 — Improper Input Validation11 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

22.1%

top 4.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedFeb 6

Latest updateApr 17

Description

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.60+dfsg-1.6 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.9.11.60+dfsg-1.3+deb11u1+3

▶NVDimagemagick/imagemagick7.1.0-49

🔴Vulnerability Details

OSV

CVE-2022-44267: ImageMagick 7↗2023-02-06

▶

GHSA

GHSA-78w3-m2fr-9r73: ImageMagick 7↗2023-02-06

▶

💥Exploits & PoCs

Exploit-DB

ImageMagick 7.1.0-49 - DoS↗2023-04-05

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)↗2023-02-05

▶

Suricata

ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)↗2023-02-05

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2023-04-17

▶

Ubuntu

ImageMagick vulnerabilities↗2023-03-15

▶

Ubuntu

ImageMagick vulnerabilities↗2023-02-09

▶

Red Hat

ImageMagick: Denial of Service when it parses a PNG image↗2023-02-06

▶

Debian

CVE-2022-44267: imagemagick - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG im...↗2022

▶