CVE-2022-32547

Description

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

Related CPE's

aimagemagickimagemagick********

aimagemagickimagemagick********

oredhatenterprise_linux7.0*******

oredhatenterprise_linux6.0*******

afedoraprojectextra_packages_for_enterprise_linux8.0*******

ofedoraprojectfedora36*******

References

https://bugzilla.redhat.com/show_bug.cgi?id=2091813

Issue TrackingPatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b

PatchThird Party Advisory

https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0

PatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

6.800000190734863

VectorString

AV:N/AC:M/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io