Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-1114

Опубликовано: 16 мар. 2022
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

Отчет

Versions of ImageMagick shipped with Red Hat Enterprise Linux 6, 7 are not affected, because vulnerable code is not present in our code-base. Red Hat Product Security has rated this issue as having a Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickNot affected
Red Hat Enterprise Linux 7ImageMagickNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2064538ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c

EPSS

Процентиль: 24%
0.00077
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVSS3: 7.1
ubuntu
около 3 лет назад

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

CVSS3: 7.1
nvd
около 3 лет назад

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

CVSS3: 7.1
debian
около 3 лет назад

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInf ...

CVSS3: 7.1
github
около 3 лет назад

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

CVSS3: 6.8
fstec
больше 3 лет назад

Уязвимость функции RelinquishDCMInfo() компонента dcm.c консольного графического редактора ImageMagick, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

EPSS

Процентиль: 24%
0.00077
Низкий

6.1 Medium

CVSS3