CVE-2022-1114
HIGHImageMagick 6.0-6.9.12-43 - Use-After-Free in RelinquishDCMInfo
Title source: llmDescription
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2064538
Scores
CVSS v3
7.1
EPSS
0.0009
EPSS Percentile
25.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (1)
imagemagick/imagemagick
6.0 - 6.9.12-43
Published
Apr 29, 2022
Tracked Since
Feb 18, 2026