Vulnerability Name:

CVE-2022-1115

Assigned:2022-08-29
Published:2022-08-29
Updated:2022-09-06
Summary:A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-787
References:Source: MITRE
Type: CNA
CVE-2022-1115

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-1115

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2067022

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/ImageMagick/ImageMagick/commit/c8718305f120293d8bf13724f12eed885d830b09

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/ImageMagick/ImageMagick/issues/4974

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51

Vulnerable Configuration:Configuration 1:
  • cpe:/a:imagemagick:imagemagick:*:*:*:*:*:*:*:* (Version < 6.9.12-44)
  • OR cpe:/a:imagemagick:imagemagick:*:*:*:*:*:*:*:* (Version >= 7.0.0-0 and < 7.1.0-29)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8055
    P
    		perl-PerlMagick-7.1.0.9-150400.6.18.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7867
    P
    		ImageMagick-7.1.0.9-150400.6.18.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3251
    P
    		libshibsp-lite6-2.5.5-6.3.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3420
    P
    		MozillaFirefox-68.1.0-109.92.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94881
    P
    		ImageMagick-7.1.0.9-150400.4.7 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95050
    P
    		perl-PerlMagick-7.1.0.9-150400.4.7 on GA media (Moderate)
    2022-06-22
    BACK
    imagemagick imagemagick *
    imagemagick imagemagick *