Bug 2167593 (CVE-2022-44267) - CVE-2022-44267 ImageMagick: Denial of Service when it parses a PNG image
Summary: CVE-2022-44267 ImageMagick: Denial of Service when it parses a PNG image
Keywords:
Status: NEW
Alias: CVE-2022-44267
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2167595 2167596 2167597
Blocks: 2167598
Reported: 2023-02-07 05:03 UTC by Sandipan Roy
Modified: 2023-07-07 08:35 UTC

Fixed In Version: ImageMagick 7.1.0-52, ImageMagick 6.9.12-67
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in ImageMagick that is triggered when the software parses a PNG image containing a single dash (-) in the filename. To remotely exploit this bug, an attacker can upload a malicious PNG with a text chunk that adds a single dash in the name to any site using ImageMagick. The site would then parse the image, and ImageMagick would interpret the text string as the filename, loading the content as a raw profile. If this text string contains a single dash, the program would then try to read content from the standard input, potentially leaving the conversion process waiting infinitely, causing a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Sandipan Roy 2023-02-07 05:03:55 UTC
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

https://imagemagick.org/
https://www.metabaseq.com/imagemagick-zero-days/

Comment 1 Sandipan Roy 2023-02-07 05:06:18 UTC
Created ImageMagick tracking bugs for this issue:

Affects: epel-8 [bug 2167595]
Affects: fedora-36 [bug 2167596]
Affects: fedora-37 [bug 2167597]
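
As a defensive illustration of the Doc Text above, this added example (not code from this bug report or from ImageMagick) scans an uploaded PNG for tEXt/zTXt chunks whose text string is a single dash, so the file can be rejected before it reaches the conversion process. The function names and sample bytes are constructed for illustration, and flagging the dash under any keyword is an assumption made to keep the check conservative.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (chunk_type, payload) for each PNG chunk; stop on truncation."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        if len(payload) < length:
            break  # declared length runs past end of file
        yield ctype, payload
        pos += 12 + length

def text_of(ctype, payload):
    """Return (keyword, text) for tEXt/zTXt chunks, otherwise None."""
    if ctype not in (b"tEXt", b"zTXt") or b"\x00" not in payload:
        return None
    keyword, _, rest = payload.partition(b"\x00")
    if ctype == b"zTXt":  # one compression-method byte, then a zlib stream
        try:
            rest = zlib.decompressobj().decompress(rest[1:], 4096)  # bounded output
        except zlib.error:
            return None
    return keyword.decode("latin-1"), rest.decode("latin-1")

def find_dash_text_chunks(data):
    """List (chunk_type, keyword) for text chunks whose text is a lone '-'."""
    hits = []
    for ctype, payload in iter_chunks(data):
        parsed = text_of(ctype, payload)
        if parsed and parsed[1].strip() == "-":
            hits.append((ctype.decode("ascii"), parsed[0]))
    return hits

def make_chunk(ctype, payload):
    """Serialize one chunk (helper used only to build the samples below)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed samples: signature, one tEXt chunk, IEND. Not renderable images.
SAMPLE_FLAGGED = PNG_SIGNATURE + make_chunk(b"tEXt", b"Comment\x00-") + make_chunk(b"IEND", b"")
SAMPLE_CLEAN = PNG_SIGNATURE + make_chunk(b"tEXt", b"Comment\x00scan") + make_chunk(b"IEND", b"")

if __name__ == "__main__":
    print(find_dash_text_chunks(SAMPLE_FLAGGED), find_dash_text_chunks(SAMPLE_CLEAN))
```

A pre-filter like this complements, and does not replace, upgrading to the versions listed under Fixed In Version.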