Back to bug 2167593
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-02-07 05:04:28 UTC | CC | jhorak | |
| Sandipan Roy | 2023-02-07 05:06:13 UTC | Depends On | 2167595, 2167596, 2167597 | |
| Sandipan Roy | 2023-02-07 05:06:44 UTC | Blocks | 2167598 | |
| Sandipan Roy | 2023-02-07 05:07:20 UTC | Summary | CVE-2022-44267 imagemagick: Denial of Service when it parses a PNG image | CVE-2022-44267 ImageMagick: Denial of Service when it parses a PNG image |
| TEJ RATHI | 2023-02-08 05:19:17 UTC | CC | bdettelb, drieden, ikanias, jary, rravi, tohughes | |
| TEJ RATHI | 2023-02-09 07:22:33 UTC | Fixed In Version | ImaeMagick 7.1.0-52, ImageMagick 6.9.12-67 | |
| TEJ RATHI | 2023-02-09 07:57:54 UTC | Doc Text | A vulnerability was found in ImageMagick that gets triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that’d add a single dash in the name to any site using Imagemagick. The site would then parse the image and Imagemagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a DoS condition. | |
| Sandipan Roy | 2023-02-09 11:13:57 UTC | CC | rhel8-maint | |
| TEJ RATHI | 2023-02-09 11:25:17 UTC | CC | rhel8-maint | |
| RaTasha Tillery-Smith | 2023-02-09 13:01:02 UTC | Doc Text | A vulnerability was found in ImageMagick that gets triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that’d add a single dash in the name to any site using Imagemagick. The site would then parse the image and Imagemagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a DoS condition. | A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The site would then parse the image, and ImageMagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a denial of service. |
| Red Hat Bugzilla | 2023-05-15 18:09:15 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-07-07 08:35:32 UTC | Assignee | security-response-team | nobody |
Back to bug 2167593