Vulnerability in N/a
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
EPSS: 0.886 (99.5th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
- voidz0r/CVE-2022-44268
- Sybil-Scan/imagemagick-lfi-poc
- kljunowsky/CVE-2022-44268
- entr0pie/CVE-2022-44268
- y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment
- Vulnmachines/imagemagick-CVE-2022-44268
- jnschaeffer/cve-2022-44268-detector
- agathanon/cve-2022-44268
- chairat095/CVE-2022-44268_By_Kyokito
References
- imagemagick.org/
- www.metabaseq.com/imagemagick-zero-days/
- DSA-5347 (vendor-advisory)
- FEDORA-2023-6537113d6d (vendor-advisory)
- FEDORA-2023-93389b8a9e (vendor-advisory)
- [debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update (mailing-list)
- packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.h…
Frequently asked questions
- What is CVE-2022-44268?
- CVE-2022-44268 is a vulnerability in N/a. Published 2023-02-06.
- Is CVE-2022-44268 known to be exploited?
- 76 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.