CVE-2022-3213

MEDIUM

ImageMagick - Buffer Overflow

Title source: llm

Description

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

References (4)

Core 4

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=2126824

Third Party Advisory x_refsource_misc

https://access.redhat.com/security/cve/CVE-2022-3213

Patch, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-119 CWE-787

Status published

Products (6)

fedoraproject/extra_packages_for_enterprise_linux 8.0

fedoraproject/extra_packages_for_enterprise_linux 9.0

fedoraproject/fedora 35

fedoraproject/fedora 36

fedoraproject/fedora 37

imagemagick/imagemagick < 6.9.12-62

Published Sep 19, 2022

Tracked Since Feb 18, 2026