CVE-2022-0284
Summary
| CVE | CVE-2022-0284 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-29 15:15:00 UTC |
|---|
| Updated | 2022-09-01 19:58:00 UTC |
|---|
| Description | A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 2045943 – (CVE-2022-0284) CVE-2022-0284 ImageMagick: Heap buffer overread in GetPixelAlpha() declared in MagickCore/pixel-accessor.h |
MISC |
bugzilla.redhat.com |
|
| https://github.com/ImageMagick/ImageMagick/issues/4729 · ImageMagick/ImageMagick@e50f19f · GitHub |
MISC |
github.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| Heap Buffer Overflow · Issue #4729 · ImageMagick/ImageMagick · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 502536 Alpine Linux Security Update for imagemagick
- 751737 OpenSUSE Security Update for ImageMagick (openSUSE-SU-2022:0540-1)
- 753312 SUSE Enterprise Linux Security Update for ImageMagick (SUSE-SU-2022:0540-1)
