Vulnerability Description
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Extra Packages For Enterprise Linux | 8.0 |
| Imagemagick | Imagemagick | < 7.1.0-30 |
| Fedoraproject | Fedora | 36 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2116537Issue TrackingPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2116537Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2022-2719?
CVE-2022-2719 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of serv...
How severe is CVE-2022-2719?
CVE-2022-2719 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2719?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Extra Packages For Enterprise Linux, Imagemagick Imagemagick, Fedoraproject Fedora.