CVE-2022-44268

Published: Feb 6, 2023Modified: Mar 26, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Affected (1)

Products: Imagemagick: Imagemagick

Imagemagick

1 product

Imagemagick

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Version 7.1.0-49

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html

Source: cve@mitre.org

https://imagemagick.org/

Source: cve@mitre.org

Product

https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

Source: cve@mitre.org

https://www.debian.org/security/2023/dsa-5347

Source: cve@mitre.org

https://www.metabaseq.com/imagemagick-zero-days/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html