Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure.
The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022.
A brief description of the flaws is as follows:
- CVE-2022-44267 – A DoS vulnerability that arises when parsing a PNG image with a filename that is a single dash (“-”)
- CVE-2022-44268 – An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image
That said, an attacker must be able to upload a malicious image to a website using ImageMagick in order to weaponize the flaws remotely. The specially crafted image, for its part, can be created by inserting a text chunk that specifies some metadata of the attacker’s choice (e.g., “-” for the filename).
“If the specified filename is ‘-’ (a single dash), ImageMagick will try to read the content from standard input potentially leaving the process waiting forever,” the researchers said in a report shared with The Hacker News.
In the same manner, if the filename refers to an actual file located on the server (e.g., “/etc/passwd”), an image processing operation carried out on the input could potentially embed the contents of the remote file after it is complete.
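As a defensive illustration of the text-chunk behaviour described above, the following added example (not code from the researchers' report or from ImageMagick) pre-screens an uploaded PNG and flags any tEXt chunk whose value is a single dash or an absolute path. The function names, the sample keyword `constructed-key` and the sample images are assumptions made for this sketch; it inspects uncompressed tEXt chunks only and does not verify chunk CRCs.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (type, payload) for each PNG chunk; ValueError on malformed input."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        if len(payload) != length:
            raise ValueError("truncated chunk")
        yield ctype, payload
        pos += 12 + length          # 4 length + 4 type + payload + 4 CRC
        if ctype == b"IEND":
            return

def suspicious_text_chunks(data):
    """Return [(keyword, value)] for tEXt values that are '-' or an absolute path."""
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype != b"tEXt":
            continue
        # tEXt layout: keyword, NUL separator, Latin-1 text
        keyword, _, text = payload.partition(b"\x00")
        value = text.decode("latin-1").strip()
        if value == "-" or value.startswith("/"):
            hits.append((keyword.decode("latin-1"), value))
    return hits

def _chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def build_sample(keyword, value):
    """Constructed 1x1 grayscale PNG carrying one tEXt chunk (test input only)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")   # filter byte + one pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", keyword + b"\x00" + value)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))

if __name__ == "__main__":
    for kw, val in [(b"Comment", b"holiday photo"), (b"constructed-key", b"-"),
                    (b"constructed-key", b"/etc/passwd")]:
        print(val, "->", suspicious_text_chunks(build_sample(kw, val)))
```

A check like this complements, and does not replace, upgrading to ImageMagick 7.1.0-52 or later.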
This is not the first time security vulnerabilities have been discovered in ImageMagick. In May 2016, multiple flaws were disclosed in the software, one of which, dubbed ImageTragick, could have been abused to gain remote code execution when processing user-submitted images.
A shell injection vulnerability was subsequently revealed in November 2020, wherein an attacker could insert arbitrary commands when converting encrypted PDFs to images via the “-authenticate” command line parameter.