Bug 2116537 (CVE-2022-2719)

Summary: CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list
Product: [Other] Security Response Reporter: Todd Cullum <tcullum>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: blaise, davide, epel-packagers-sig, fedora, jhorak, luya_tfz, michel, ngompa13, pampelmuse, sergio, troy
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: ImageMagick 7.1.0-30 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-31 23:32:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2116540, 2116541    
Bug Blocks: 2116536    

Description Todd Cullum 2022-08-08 18:55:25 UTC
In ImageMagick 7.1.0-29, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.


Comment 1 Todd Cullum 2022-08-08 18:59:52 UTC
Similar but not exactly the same as CVE-2015-8898.

Comment 2 Todd Cullum 2022-08-08 19:00:55 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-all [bug 2116541]
Affects: fedora-all [bug 2116540]

Comment 3 Product Security DevOps Team 2022-08-31 23:32:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):