VDB
DEBIAN-CVE-2022-44268
DEBIAN-CVE-2022-44268
PUBLISHED
CVSS 6.5 MEDIUM
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | imagemagick | 0, 0, 0 |
| Debian:13 | imagemagick | 0, 0, 0 |
| Debian:11 | imagemagick | *, 0, 8:6.9.11.60+dfsg-1.3 |
| Debian:12 | imagemagick | 0, 0, 0 |
Exploit Intelligence
- Imagemagick CVE-2022-44268 (github-poc-repo)
- nfm/heroku-CVE-2022-44268-reproduction (github-poc-repo)
- betillogalvanfbc/POC-CVE-2022-44268 (github-poc-repo)
- Tools for working with ImageMagick to handle arbitrary file read vulnerabilities. Generate, read, and apply profile information to PNG files using a command-line interface. (github-poc-repo)
- Expoit for CVE-2022-44268 (github-poc-repo)
- PoC of Imagemagick's Arbitrary File Read (github-poc-repo)
- Pog-Frog/cve-2022-44268 (github-poc-repo)
- Automating Exploitation of CVE-2022-44268 ImageMagick Arbitrary File Read (github-poc-repo)
- ImageMagick Arbitrary Read Files - CVE-2022-44268 (github-poc-repo)
- A bash script for easyly exploiting ImageMagick Arbitrary File Read Vulnerability CVE-2022-44268 (github-poc-repo)
…and 41 more exploits
Timeline
- Feb 6, 2023 CVE Published
- Apr 28, 2026 CVE Updated