CVE-2022-32545

Description

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Related CPE's

a imagemagick imagemagick ********

o redhat enterprise_linux 7.0 *******

a fedoraproject extra_packages_for_enterprise_linux 8.0 *******

o fedoraproject fedora 36 *******

References

https://bugzilla.redhat.com/show_bug.cgi?id=2091811

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa

PatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	6.800000190734863
VectorString	AV:N/AC:M/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io