Search for vulnerabilities
Vulnerability details: VCID-k22f-v4ss-aaam
Vulnerability ID VCID-k22f-v4ss-aaam
Aliases CVE-2022-44267
Summary ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-404 Improper Resource Shutdown or Release
CWE-20 Improper Input Validation
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
epss 0.03535 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03535 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03535 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03535 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03535 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.03828 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.04468 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.04468 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.04468 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.04468 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.07357 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.07357 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.07357 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.07357 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.07357 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.1601 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
epss 0.23963 https://api.first.org/data/v1/epss?cve=CVE-2022-44267
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://imagemagick.org/
cvssv3.1 6.5 https://imagemagick.org/
ssvc Track https://imagemagick.org/
ssvc Track https://imagemagick.org/
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44267
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44267
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5347
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5347
ssvc Track https://www.debian.org/security/2023/dsa-5347
ssvc Track https://www.debian.org/security/2023/dsa-5347
cvssv3.1 6.5 https://www.metabaseq.com/imagemagick-zero-days/
cvssv3.1 6.5 https://www.metabaseq.com/imagemagick-zero-days/
ssvc Track https://www.metabaseq.com/imagemagick-zero-days/
ssvc Track https://www.metabaseq.com/imagemagick-zero-days/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
https://api.first.org/data/v1/epss?cve=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://imagemagick.org/
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://www.debian.org/security/2023/dsa-5347
https://www.metabaseq.com/imagemagick-zero-days/
1030767 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767
2167593 https://bugzilla.redhat.com/show_bug.cgi?id=2167593
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
CVE-2022-44267 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/51256.txt
CVE-2022-44267 https://nvd.nist.gov/vuln/detail/CVE-2022-44267
GLSA-202405-02 https://security.gentoo.org/glsa/202405-02
USN-5855-1 https://usn.ubuntu.com/5855-1/
USN-5855-2 https://usn.ubuntu.com/5855-2/
USN-5855-4 https://usn.ubuntu.com/5855-4/
Data source Exploit-DB
Date added April 5, 2023
Description ImageMagick 7.1.0-49 - DoS
Ransomware campaign use Unknown
Source publication date April 5, 2023
Exploit type dos
Platform php
Source update date April 5, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44267.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://imagemagick.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://imagemagick.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://imagemagick.org/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://imagemagick.org/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44267
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44267
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5347
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5347
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.debian.org/security/2023/dsa-5347
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.debian.org/security/2023/dsa-5347
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.metabaseq.com/imagemagick-zero-days/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.metabaseq.com/imagemagick-zero-days/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.metabaseq.com/imagemagick-zero-days/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:25:17Z/ Found at https://www.metabaseq.com/imagemagick-zero-days/
Exploit Prediction Scoring System (EPSS)
Percentile 0.91797
EPSS Score 0.03535
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.