exploitDog

CVE-2022-1115

Published: 29 Aug 2022
Source: debian
EPSS: Low

Description

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| imagemagick | fixed | 8:6.9.12.98+dfsg1-2 | | package |
| imagemagick | not-affected | | buster | package |
| imagemagick | not-affected | | stretch | package |

Notes

  • https://github.com/ImageMagick/ImageMagick/issues/4974

  • Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 (6.9.12-44)

  • Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef476 (6.9.10-88)

EPSS

Percentile: 11%
0.00037
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 3 years ago

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

CVSS3: 5.5
redhat
almost 4 years ago

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

CVSS3: 5.5
nvd
more than 3 years ago

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

CVSS3: 5.5
github
more than 3 years ago

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

CVSS3: 5.5
fstec
more than 3 years ago

A vulnerability in the PushShortPixel() function of ImageMagick, a program for reading and editing files in many graphics formats, that allows an attacker to cause a denial of service
