Vulnerability details: VCID-a29e-4vdk-5kac
Vulnerability ID VCID-a29e-4vdk-5kac
Aliases CVE-2022-44268
Summary ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
Status Published
Exploitability 2.0
Weighted Severity 5.9
Risk 10.0
System Score Found at
cvssv3.1 6.5 http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
ssvc Track http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
epss 0.86502 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.88664 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://imagemagick.org/
ssvc Track https://imagemagick.org/
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44268
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5347
ssvc Track https://www.debian.org/security/2023/dsa-5347
cvssv3.1 6.5 https://www.metabaseq.com/imagemagick-zero-days/
ssvc Track https://www.metabaseq.com/imagemagick-zero-days/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
https://api.first.org/data/v1/epss?cve=CVE-2022-44268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1030767 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767
2167594 https://bugzilla.redhat.com/show_bug.cgi?id=2167594
AINSUL2QBKETGYRPA7XSCMJWLUB44M6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
CVE-2022-44268 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/51261.txt
CVE-2022-44268 https://nvd.nist.gov/vuln/detail/CVE-2022-44268
dsa-5347 https://www.debian.org/security/2023/dsa-5347
ImageMagick-7.1.0-48-Arbitrary-File-Read.html http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
imagemagick.org https://imagemagick.org/
imagemagick-zero-days https://www.metabaseq.com/imagemagick-zero-days/
msg00008.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
USN-5855-1 https://usn.ubuntu.com/5855-1/
USN-5855-2 https://usn.ubuntu.com/5855-2/
USN-5855-4 https://usn.ubuntu.com/5855-4/
ZZLLS37P67CMBRML6OCG42GPCKGRCJNV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Data source Exploit-DB
Date added April 5, 2023
Description ImageMagick 7.1.0-49 - Arbitrary File Read
Ransomware campaign use Unknown
Source publication date April 5, 2023
Exploit type local
Platform multiple
Source update date April 24, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://imagemagick.org/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://imagemagick.org/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44268
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5347
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://www.debian.org/security/2023/dsa-5347
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.metabaseq.com/imagemagick-zero-days/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://www.metabaseq.com/imagemagick-zero-days/
Exploit Prediction Scoring System (EPSS)
Percentile 0.99385
EPSS Score 0.86502
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:35:03.019670+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 37.0.0