CVE-2022-44267 : ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG im

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Published 2023-02-06 21:15:09

Updated 2025-03-26 15:15:40

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-44267

Imagemagick » Imagemagick » Version: 7.1.0-49
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-44267

EPSS FAQ

16.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-44267

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-26
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-44267

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2022-44267

https://www.metabaseq.com/imagemagick-zero-days/

ImageMagick: The hidden vulnerability behind your online images - Metabase Q
Exploit;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2023/dsa-5347

Debian -- Security Information -- DSA-5347-1 imagemagick

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

[SECURITY] Fedora 36 Update: ImageMagick-6.9.12.77-1.fc36 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

[SECURITY] Fedora 36 Update: ImageMagick-6.9.12.77-1.fc36 - package-announce - Fedora mailing-lists

CVEs referencing this url
https://imagemagick.org/

ImageMagick – Convert, Edit, or Compose Digital Images
Product

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.77-1.fc37 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.77-1.fc37 - package-announce - Fedora mailing-lists

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

[SECURITY] [DLA 3357-1] imagemagick security update

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-44267

Products affected by CVE-2022-44267

Exploit prediction scoring system (EPSS) score for CVE-2022-44267

CVSS scores for CVE-2022-44267

CWE ids for CVE-2022-44267

References for CVE-2022-44267