Vulnerability Name: | CVE-2022-1114 (CCN-225592) | ||||||||||||||||||||||||||||
Assigned: | 2022-03-16 | ||||||||||||||||||||||||||||
Published: | 2022-03-16 | ||||||||||||||||||||||||||||
Updated: | 2022-05-11 | ||||||||||||||||||||||||||||
Summary: | A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. | ||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H) 6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||
CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
| ||||||||||||||||||||||||||||
Vulnerability Type: | CWE-416 | ||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-1114 Source: CCN Type: Red Hat Bugzilla - Bug 2064538 (CVE-2022-1114) - CVE-2022-1114 ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2064538 Source: XF Type: UNKNOWN imagemagick-cve20221114-bo(225592) Source: CCN Type: ImageMagick Web site ImageMagick Source: CCN Type: Mend Vulnerability Database CVE-2022-1114 | ||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
BACK |