← back
CVE-2022-44268

CVE-2022-44268

CVSS 6.5 MEDIUMEPSS 89.9%CWE-200
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found31
githubgithub.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC275githubgithub.com/voidz0r/CVE-2022-44268217githubgithub.com/Sybil-Scan/imagemagick-lfi-poc52githubgithub.com/kljunowsky/CVE-2022-4426827githubgithub.com/entr0pie/CVE-2022-4426813githubgithub.com/y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment10githubgithub.com/Vulnmachines/imagemagick-CVE-2022-442688githubgithub.com/jnschaeffer/cve-2022-44268-detector5githubgithub.com/agathanon/cve-2022-442684githubgithub.com/adhikara13/CVE-2022-44268-MagiLeak2githubgithub.com/chairat095/CVE-2022-44268_By_Kyokito2githubgithub.com/Baikuya/CVE-2022-44268-PoC2githubgithub.com/narekkay/auto-cve-2022-44268.sh2githubgithub.com/betillogalvanfbc/POC-CVE-2022-442681githubgithub.com/fanbyprinciple/ImageMagick-lfi-poc1githubgithub.com/bhavikmalhotra/CVE-2022-44268-Exploit1githubgithub.com/mouftan/CVE-2022-442680githubgithub.com/Ashifcoder/CVE-2022-44268-automated-poc0githubgithub.com/nfm/heroku-CVE-2022-44268-reproduction0githubgithub.com/Pog-Frog/cve-2022-442680githubgithub.com/atici/Exploit-for-ImageMagick-CVE-2022-442680githubgithub.com/Vagebondcur/IMAGE-MAGICK-CVE-2022-442680githubgithub.com/NataliSemi/-CVE-2022-442680githubgithub.com/CygnusX-26/CVE-2022-44268-fixed-PoC0githubgithub.com/FlojBoj/CVE-2022-442680githubgithub.com/katseyres2/CVE-2022-44268-pilgrimage0githubgithub.com/J0ey17/Automate_Exploit_CVE-2022-442680githubgithub.com/jkobierczynski/cve-2022-442680githubgithub.com/k-javaman12/CVE-2022-44268-0exploitdbwww.exploit-db.com/exploits/51261unverifiedcve_referencepacketstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.htmlhttps://imagemagick.org/https://lists.debian.org/debian-lts-announce/2023/03/msg00008.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/https://www.debian.org/security/2023/dsa-5347https://www.metabaseq.com/imagemagick-zero-days/