CVE-2022-3213: Buffer Overflow
First published: Wed Sep 14 2022(Updated: )
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ImageMagick 7.1.0 | <47 | 47 |
| redhat/ImageMagick 6.9.12 | <62 | 62 |
| ImageMagick ImageMagick | <6.9.12-62 | |
| ImageMagick ImageMagick | >=7.1.0-0<7.1.0-47 | |
| Fedora EPEL | =8.0 | |
| Fedora EPEL | =9.0 | |
| Fedora | =35 | |
| Fedora | =36 | |
| Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2022-3213
- https://bugzilla.redhat.com/show_bug.cgi?id=2126824
- https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2
- https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2126826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2126825
- https://access.redhat.com/security/cve/cve-2022-3213
Frequently Asked Questions
What is CVE-2022-3213?
CVE-2022-3213 is a heap buffer overflow issue found in ImageMagick that can cause a denial of service or undefined behavior when processing a malformed TIFF file.
Which versions of ImageMagick are affected by CVE-2022-3213?
ImageMagick versions up to 6.9.12-62 and versions between 7.1.0-0 and 7.1.0-47 are affected by CVE-2022-3213.
What is the severity of CVE-2022-3213?
CVE-2022-3213 has a severity rating of medium with a CVSS score of 5.5.
How can I fix CVE-2022-3213?
To fix CVE-2022-3213, update ImageMagick to version 6.9.12-63 or higher for versions up to 6.9.12 or update to ImageMagick version 7.1.0-48 or higher for versions between 7.1.0-0 and 7.1.0-47.
Where can I find more information about CVE-2022-3213?
You can find more information about CVE-2022-3213 on the Red Hat Security Advisory page, Bugzilla, and the ImageMagick GitHub commit.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3213
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/imagemagick
- canonical/imagemagick imagemagick
- version/imagemagick imagemagick/7.1.0-0
- vendor/fedoraproject
- canonical/fedora epel
- version/fedora epel/8.0
- version/fedora epel/9.0
- canonical/fedora
- version/fedora/35
- version/fedora/36
- version/fedora/37