Search for vulnerabilities
Vulnerability details: VCID-gf34-7nqc-rkex
Vulnerability ID VCID-gf34-7nqc-rkex
Aliases CVE-2022-44267
Summary ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-404 Improper Resource Shutdown or Release
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
epss 0.06472 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.06472 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.06472 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.14284 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://imagemagick.org/
ssvc Track https://imagemagick.org/
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44267
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5347
ssvc Track https://www.debian.org/security/2023/dsa-5347
cvssv3.1 6.5 https://www.metabaseq.com/imagemagick-zero-days/
ssvc Track https://www.metabaseq.com/imagemagick-zero-days/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
https://api.first.org/data/v1/epss?cve=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1030767 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767
2167593 https://bugzilla.redhat.com/show_bug.cgi?id=2167593
AINSUL2QBKETGYRPA7XSCMJWLUB44M6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
CVE-2022-44267 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/51256.txt
CVE-2022-44267 https://nvd.nist.gov/vuln/detail/CVE-2022-44267
dsa-5347 https://www.debian.org/security/2023/dsa-5347
imagemagick.org https://imagemagick.org/
imagemagick-zero-days https://www.metabaseq.com/imagemagick-zero-days/
msg00008.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
USN-5855-1 https://usn.ubuntu.com/5855-1/
USN-5855-2 https://usn.ubuntu.com/5855-2/
USN-5855-4 https://usn.ubuntu.com/5855-4/
ZZLLS37P67CMBRML6OCG42GPCKGRCJNV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Data source Exploit-DB
Date added April 5, 2023
Description ImageMagick 7.1.0-49 - DoS
Ransomware campaign use Unknown
Source publication date April 5, 2023
Exploit type dos
Platform php
Source update date April 5, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://imagemagick.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://imagemagick.org/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44267
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5347
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.debian.org/security/2023/dsa-5347
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.metabaseq.com/imagemagick-zero-days/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.metabaseq.com/imagemagick-zero-days/
Exploit Prediction Scoring System (EPSS)
Percentile 0.90758
EPSS Score 0.06472
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:37:30.511529+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5855-1/ 37.0.0