CVE-2022-0284

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.

Published: Aug 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-0284
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
imagemagick / imagemagick	-	7.1.0-20

https://access.redhat.com/security/cve/CVE-2022-0284
https://bugzilla.redhat.com/show_bug.cgi?id=2045943
https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
https://github.com/ImageMagick/ImageMagick/issues/4729

Vulnerability Database

289,599

CVE-2022-0284