CVE-2022-1114

{"id": "CVE-2022-1114", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2022-04-29T16:15:08.587", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064538", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service."}, {"lang": "es", "value": "Se ha encontrado un fallo de uso de memoria previamente liberada de la pila en la funci\u00f3n RelinquishDCMInfo() del archivo dcm.c de ImageMagick. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de imagen DICOM especialmente dise\u00f1ado a ImageMagick para su conversi\u00f3n, conllevando potencialmente a una divulgaci\u00f3n de informaci\u00f3n y una denegaci\u00f3n de servicio"}], "lastModified": "2022-05-11T14:48:01.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAD5ACCB-28AD-41C7-BEF6-15616DEFE5E3", "versionEndExcluding": "6.9.12-43", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF9D0C6-59C6-4A68-849D-3C237CD85A2D", "versionEndExcluding": "7.1.0-28", "versionStartIncluding": "7.0.0-0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}