QID 354809
Date Published: 2023-03-08
QID 354809: Amazon Linux Security Advisory for ImageMagick : ALAS-2023-1696
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range representable by unsigned char. When ImageMagick processes a crafted PDF file, this could lead to undefined behaviour or a crash. (CVE-2021-20224)

A vulnerability was found in ImageMagick. Memory leaks are detected when executing a crafted file with the convert command, affecting availability. (CVE-2021-3574)

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

ImageMagick 7.1.0-27 is vulnerable to buffer overflow. (CVE-2022-28463)

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type unsigned char at coders/psd.c when crafted or untrusted input is processed. This leads to a negative impact on application availability or other problems related to undefined behavior. (CVE-2022-32545)

A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type unsigned long at coders/pcl.c when crafted or untrusted input is processed. (CVE-2022-32546)

In ImageMagick, there is a load of a misaligned address for type double, which requires 8-byte alignment, and for type float, which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact on application availability or other problems related to undefined behavior.

(CVE-2022-44268)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
- ALAS-2023-1696 - alas.aws.amazon.com/ALAS-2023-1696.html
CVEs related to QID 354809
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS-2023-1696 | amazon linux | | |