CVE-2022-1115

Summary

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aImageMagickFixed in ImageMagick6 v6.9.12-44, ImageMagick7 v7.1.0-29affected

Weaknesses

  • CWE-119: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.

ADP Enrichment

CVE Program Container

Additional References

References