CVE-2022-1115
Summary
| CVE | CVE-2022-1115 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-29 15:15:00 UTC |
|---|
| Updated | 2022-09-06 14:09:00 UTC |
|---|
| Description | A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 2067022 – (CVE-2022-1115) CVE-2022-1115 ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h |
MISC |
bugzilla.redhat.com |
|
| heap-buffer-overflow in magick at quantum-private.h PushShortPixel · Issue #4974 · ImageMagick/ImageMagick · GitHub |
MISC |
github.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| https://github.com/ImageMagick/ImageMagick/issues/4974 · ImageMagick/ImageMagick6@1f860f5 · GitHub |
MISC |
github.com |
|
| https://github.com/ImageMagick/ImageMagick/issues/4974 · ImageMagick/ImageMagick@c871830 · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 502537 Alpine Linux Security Update for imagemagick
- 502870 Alpine Linux Security Update for imagemagick
- 6000487 Debian Security Update for imagemagick (DSA 5628-1)
