QwikSec

Security Database

CVE

CWE

Training

CVE-2022-32547

Published: Jun 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

Vendor	Product	Versions
n/a	ImageMagick	affected `Fixed in ImageMagick 6.9.12-45, ImageMagick 7.1.0-30`

References

https://bugzilla.redhat.com/show_bug.cgi?id=2091813

https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0

https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b

[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.