A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
References
Link | Resource |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/2889 | Exploit Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2024/03/msg00020.html | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/ | Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/ | Third Party Advisory |
Configurations
History
20 Mar 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Mar 2024, 17:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/ - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAULDP3GG5KI3XITQ5XSMRSILCBZS2VK/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
24 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2023, 20:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Imagemagick imagemagick
Imagemagick |
|
References | (MISC) https://github.com/ImageMagick/ImageMagick/issues/2889 - Exploit, Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:imagemagick:imagemagick:7.0.10-45:*:*:*:*:*:*:* cpe:2.3:a:imagemagick:imagemagick:6.9.11-22:*:*:*:*:*:*:* |
22 Aug 2023, 20:10
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-22 19:16
Updated : 2024-03-20 10:15
NVD link : CVE-2022-48541
Mitre link : CVE-2022-48541
CVE.ORG link : CVE-2022-48541
JSON object : View
Products Affected
fedoraproject
- fedora
imagemagick
- imagemagick
CWE
CWE-401
Missing Release of Memory after Effective Lifetime