VIR Vulnerability Intelligence Relay

CVE-2022-44267

unknown
Published โ€” ยท Modified โ€”
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
1.0

Description

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-51256 dos php text ยท 1 KB
nu11secur1ty ยท 2023-04-05

ImageMagick 7.1.0-49 - DoS

text exploit Source: Exploit-DB 
## Exploit Title: ImageMagick 7.1.0-49 - DoS
## Author: nu11secur1ty
## Date: 02.07.2023
## Vendor: https://imagemagick.org/
## Software: https://imagemagick.en.uptodown.com/windows/download/82953605
## Reference: https://portswigger.net/daily-swig/denial-of-service
## CVE-ID: CVE-2022-44267

## Description:
ImageMagick 7.1.0-49 is vulnerable to Denial of Service.
When it parses a PNG image (e.g., for resize), the convert process
could be left waiting for stdin input.
The attacker can easily send a malicious png file to the victim and
then when the victim has opened this png he will crash the program.

STATUS: HIGH Vulnerability

[+]Payload:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-44267/PoC)

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-44267)

## Proof and Exploit:
[href](https://streamable.com/l7z79c)

## Time spend:
00:30:00

-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed8:6.9.11.60+dfsg-1.6
debian debianbullseyefixed8:6.9.11.60+dfsg-1.3+deb11u1
debian debianforkyfixed8:6.9.11.60+dfsg-1.6
debian debiansidfixed8:6.9.11.60+dfsg-1.6
debian debiantrixiefixed8:6.9.11.60+dfsg-1.6

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.