CVE-2022-2719

MEDIUM

Fedoraproject Extra Packages For Ente... - Reachable Assertion

Title source: rule

Description

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

References (1)

Core 1

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=2116537

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-617

Status published

Products (3)

fedoraproject/extra_packages_for_enterprise_linux 8.0

fedoraproject/fedora 36

imagemagick/imagemagick < 7.1.0-30

Published Aug 10, 2022

Tracked Since Feb 18, 2026