Bug 2167594 (CVE-2022-44268)
Field | Value
---|---
Summary | CVE-2022-44268 ImageMagick: vulnerable to Information Disclosure when it parses a PNG image
Product | [Other] Security Response
Reporter | Sandipan Roy <saroy>
Component | vulnerability
Assignee | Nobody <nobody>
Status | NEW
Severity | medium
Priority | medium
Version | unspecified
CC | bdettelb, ikanias, jary, jhorak, rravi, tohughes
Keywords | Security
Flags | trathi: needinfo? (jhorak)
Hardware | All
OS | Linux
Fixed In Version | ImageMagick 7.1.0-52, ImageMagick 6.9.12-67
Doc Type | If docs needed, set a value
Doc Text | An information disclosure flaw was found in ImageMagick's PNG coder. When ImageMagick parses a crafted PNG image (for example, to resize or convert it on a server), it can be made to read an arbitrary file and embed that file's contents in the resulting output image, from which whoever receives the image can recover them. The trigger is a PNG text chunk whose keyword is "profile": the vulnerable coder treated the chunk's text as the path of a file to load as an image profile. Any file the ImageMagick process has permission to read can be exposed this way. Fixed upstream in ImageMagick 7.1.0-52 and ImageMagick 6.9.12-67.
Bug Depends On | 2167599, 2167600, 2167601
Bug Blocks | 2167598
Description
Sandipan Roy 2023-02-07 05:05:48 UTC

Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 2167599]
Affects: fedora-36 [bug 2167600]
Affects: fedora-37 [bug 2167601]

Upstream Commits:

[1] https://github.com/ImageMagick/ImageMagick/commit/05673e63c919e61ffa1107804d1138c46547a475 (ImageMagick 7.1.0-52)
[2] https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe (ImageMagick 6.9.12-67)

On 22 Dec 2022 I updated all branches to 6.9.12-70 [1]. As we can't have versions with "-", we convert "-" to ".", so in Fedora the version is 6.9.12.70.

[1] * 6210760 2022-12-22 22:03 Sérgio M. Basto (origin/f37, origin/f36, origin/epel9, origin/epel8, f37, f36, epel9, epel8) Update ImageMagick to 6.9.12.70 (#2150658)
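Two checks a practitioner would want for this bug, written here as an added Python example; it is not code from Red Hat, Fedora or the ImageMagick project. The first compares an installed ImageMagick version string (the first line of `convert -version`, or a package version) against the two fixed releases named in the "Fixed In Version" field, accepting Fedora's spelling with "." in place of "-" described in the comment above. The second walks the chunks of a PNG and reports any tEXt, zTXt or iTXt chunk whose keyword is "profile", the chunk whose text the vulnerable PNG coder treated as a file path; this is useful for screening uploads or for confirming what a suspicious image carries. The function names, the `FIXED_BY_MAJOR` table and the two sample PNGs built at the bottom are this example's own constructions, not anything from the bug.

```python
"""CVE-2022-44268 checks (added example; not Red Hat, Fedora or ImageMagick code)."""
import re
import struct
import zlib

# Fixed releases from the bug's "Fixed In Version" field, keyed by major branch
# (an assumption of this example: anything else is treated as not fixed).
FIXED_BY_MAJOR = {7: (7, 1, 0, 52), 6: (6, 9, 12, 67)}

# Matches "6.9.12-70" (upstream) and "6.9.12.70" (Fedora's "-" -> "." rewrite).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)[-.](\d+)\b")


def parse_version(text):
    """Return (major, minor, patch, release) from e.g.
    'Version: ImageMagick 6.9.12-70 Q16 x86_64 ...' or '6.9.12.70'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no ImageMagick version found in %r" % text)
    return tuple(int(g) for g in m.groups())


def is_fixed_version(text):
    """True when the version is at or above the fixed release for its major
    branch; majors not listed are reported as not fixed so they get reviewed."""
    version = parse_version(text)
    fixed = FIXED_BY_MAJOR.get(version[0])
    return fixed is not None and version >= fixed


PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = (b"tEXt", b"zTXt", b"iTXt")


def iter_chunks(data):
    """Yield (chunk_type, body) for each chunk, checking length and CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError("truncated %r chunk" % ctype)
        if zlib.crc32(ctype + body) != struct.unpack(">I", crc_bytes)[0]:
            raise ValueError("CRC mismatch on %r chunk" % ctype)
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def decode_text_chunk(ctype, body):
    """Return (keyword, text) for a tEXt, zTXt or iTXt chunk body."""
    keyword, _, rest = body.partition(b"\x00")
    if ctype == b"tEXt":            # keyword NUL text
        text = rest
    elif ctype == b"zTXt":          # keyword NUL method zlib(text)
        text = zlib.decompress(rest[1:])
    else:                           # iTXt: keyword NUL flag method lang NUL trans NUL text
        compressed = rest[0] == 1
        _lang, _, rest = rest[2:].partition(b"\x00")
        _translated, _, text = rest.partition(b"\x00")
        if compressed:
            text = zlib.decompress(text)
    return keyword.decode("latin-1"), text.decode("utf-8", "replace")


def find_profile_text_chunks(data):
    """Return [(chunk_type, text)] for every text chunk keyed 'profile'."""
    hits = []
    for ctype, body in iter_chunks(data):
        if ctype in TEXT_CHUNKS:
            keyword, text = decode_text_chunk(ctype, body)
            if keyword == "profile":
                hits.append((ctype.decode("ascii"), text))
    return hits


def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_sample_png(text_chunks):
    """Constructed 1x1 greyscale PNG carrying (chunk_type, keyword, text) entries."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit grey
    idat = zlib.compress(b"\x00\x00")                      # filter byte + one pixel
    chunks = [_chunk(b"IHDR", ihdr)]
    for ctype, keyword, text in text_chunks:
        if ctype == b"tEXt":
            chunks.append(_chunk(ctype, keyword + b"\x00" + text))
        elif ctype == b"zTXt":
            chunks.append(_chunk(ctype, keyword + b"\x00\x00" + zlib.compress(text)))
        else:
            raise ValueError("sample builder supports tEXt and zTXt only")
    chunks += [_chunk(b"IDAT", idat), _chunk(b"IEND", b"")]
    return PNG_SIGNATURE + b"".join(chunks)


# Constructed test inputs: an ordinary image and one carrying a "profile" text chunk.
BENIGN_PNG = build_sample_png([(b"tEXt", b"Comment", b"made by a harmless editor")])
SUSPECT_PNG = build_sample_png([(b"tEXt", b"Comment", b"looks ordinary"),
                                (b"zTXt", b"profile", b"/path/on/the/server")])
```

To use it against a real file, read the bytes and call `find_profile_text_chunks(open(path, "rb").read())`; a non-empty result means the image asks the PNG coder to load a profile from a path, which no legitimate upload should do. The CRC check in `iter_chunks` matters because the scanner should refuse a file it cannot parse cleanly rather than skip over a chunk it could not place.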