Search for vulnerabilities
Vulnerability details: VCID-hygq-szh8-aaar
Vulnerability ID VCID-hygq-szh8-aaar
Aliases CVE-2022-3213
Summary A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3213.json
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00025 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00025 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-3213
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3213
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-3213
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3213.json
https://access.redhat.com/security/cve/CVE-2022-3213
https://api.first.org/data/v1/epss?cve=CVE-2022-3213
https://bugzilla.redhat.com/show_bug.cgi?id=2126824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3213
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
1021141 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021141
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-3213 https://nvd.nist.gov/vuln/detail/CVE-2022-3213
GLSA-202405-02 https://security.gentoo.org/glsa/202405-02
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3213.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3213
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.02932
EPSS Score 0.0002
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.