Bug 2116537 (CVE-2022-2719) - CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempted writing of NULL image list
Summary: CVE-2022-2719 ImageMagick: Assertion Failure could lead to DoS due to attempt...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2022-2719
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2116540 2116541
Blocks: 2116536
TreeView+ depends on / blocked
 
Reported: 2022-08-08 18:55 UTC by Todd Cullum
Modified: 2022-08-31 23:32 UTC (History)
11 users (show)

Fixed In Version: ImageMagick 7.1.0-30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-31 23:32:54 UTC


Attachments (Terms of Use)

Description Todd Cullum 2022-08-08 18:55:25 UTC
In ImageMagick 7.1.0-29, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

References:
https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49

Comment 1 Todd Cullum 2022-08-08 18:59:52 UTC
Similar but not exactly the same as CVE-2015-8898.

Comment 2 Todd Cullum 2022-08-08 19:00:55 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-all [bug 2116541]
Affects: fedora-all [bug 2116540]

Comment 3 Product Security DevOps Team 2022-08-31 23:32:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2719


Note You need to log in before you can comment on or make changes to this bug.