Cybersecurity researchers have disclosed particulars of two safety flaws within the open supply ImageMagick software program that would doubtlessly result in a denial-of-service (DoS) and knowledge disclosure.
The 2 points, which have been recognized by Latin American cybersecurity agency Metabase Q in model 7.1.0-49, have been addressed in ImageMagick model 7.1.0-52, launched in November 2022.
A quick description of the issues is as follows –
CVE-2022-44267 – A DoS vulnerability that arises when parsing a PNG picture with a filename that is a single sprint (“-“)
CVE-2022-44268 – An info disclosure vulnerability that may very well be exploited to learn arbitrary recordsdata from a server when parsing a picture
That mentioned, an attacker should have the ability to add a malicious picture to an internet site utilizing ImageMagick in order to weaponize the issues remotely. The specifically crafted picture, for its half, will be created by inserting a textual content chunk that specifies some metadata of the attacker’s selection (e.g., “-” for the filename).
“If the required filename is ‘-‘ (a single sprint), ImageMagick will attempt to learn the content material from normal enter doubtlessly leaving the method ready without end,” the researchers mentioned in a report shared with The Hacker Information.
In the identical method, if the filename refers to an precise file situated within the server (e.g., “/and many others/passwd”), a picture processing operation carried out on the enter might doubtlessly embed the contents of the distant file after it is full.
This isn’t the primary time safety vulnerabilities have been found in ImageMagick. In Could 2016, a number of flaws have been disclosed within the software program, one in all which, dubbed ImageTragick, might have been abused to realize distant code execution when processing user-submitted pictures.
A shell injection vulnerability was subsequently revealed in November 2020, whereby an attacker might insert arbitrary instructions when changing encrypted PDFs to photographs through the “-authenticate” command line parameter.
