Vulnerability Description
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 7.1.0-20 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2022-0284Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2045943Issue TrackingPatchThird Party Advisory
- https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa5PatchThird Party Advisory
- https://github.com/ImageMagick/ImageMagick/issues/4729ExploitIssue TrackingThird Party Advisory
- https://access.redhat.com/security/cve/CVE-2022-0284Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2045943Issue TrackingPatchThird Party Advisory
- https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa5PatchThird Party Advisory
- https://github.com/ImageMagick/ImageMagick/issues/4729ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2022-0284?
CVE-2022-0284 is a vulnerability with a CVSS score of 7.1 (HIGH). A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image F...
How severe is CVE-2022-0284?
CVE-2022-0284 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0284?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick.