Attacker Value
High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
1

CVE-2022-44268

Disclosure Date: February 06, 2023
CVE-2022-44268 CVSS v3 Base Score: 6.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Add Assessment

1
Ratings
  • Attacker Value
    High
  • Exploitability
    High
Technical Analysis

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure by injecting a malicious PNG file.

“A malicious actor could craft a PNG or use an existing one and add a textual chunk type (e.g., tEXt). These types have a keyword and a text string. If the keyword is the string “profile” (without quotes) then ImageMagick will interpret the text string as a filename and will load the content as a raw profile, then the attacker can download the resized image which will come with the content of a remote file.”

At risk

ImageMagick 7.1.0-49

Mitigation

Patch to version 7.1.0-52 or higher

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • imagemagick

Products

  • imagemagick 7.1.0-49

References

Canonical
CVE-2022-44268 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268)
Advisory
DSA-5347 (https://www.debian.org/security/2023/dsa-5347)
FEDORA-2023-6537113d6d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/)
FEDORA-2023-93389b8a9e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/)
[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update (https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html)
Exploit
PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.
CVE-2022-44268 ImageMagick Arbitrary File Read PoC (https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC)
CVE-2022-44268 ImageMagick Arbitrary Local File Read in Docker (https://github.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment)
CVE-2022-44268 (https://github.com/voidz0r/CVE-2022-44268) (Added by AKB Worker)
Miscellaneous
The Hacker News - Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility (https://thehackernews.com/2023/02/researchers-uncover-new-bugs-in-popular.html)
https://imagemagick.org/
https://www.metabaseq.com/imagemagick-zero-days/
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis