ByteOS Network

Vulnerability Details :

CVE-2022-44267

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-06 Feb, 2023 | 00:00

Updated At-26 Mar, 2025 | 14:26

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:06 Feb, 2023 | 00:00

Updated At:26 Mar, 2025 | 14:26

▼CVE Numbering Authority (CNA)

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://imagemagick.org/	N/A
https://www.metabaseq.com/imagemagick-zero-days/	N/A
https://www.debian.org/security/2023/dsa-5347	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	mailing-list

Hyperlink: https://imagemagick.org/

Resource: N/A

Hyperlink: https://www.metabaseq.com/imagemagick-zero-days/

Resource: N/A

Hyperlink: https://www.debian.org/security/2023/dsa-5347

Resource:

vendor-advisory

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

Resource:

vendor-advisory

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

Resource:

vendor-advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Resource:

mailing-list

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://imagemagick.org/	x_transferred
https://www.metabaseq.com/imagemagick-zero-days/	x_transferred
https://www.debian.org/security/2023/dsa-5347	vendor-advisory x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/	vendor-advisory x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/	vendor-advisory x_transferred
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	mailing-list x_transferred

Hyperlink: https://imagemagick.org/

Resource:

x_transferred

Hyperlink: https://www.metabaseq.com/imagemagick-zero-days/

Resource:

x_transferred

Hyperlink: https://www.debian.org/security/2023/dsa-5347

Resource:

vendor-advisory

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

Resource:

vendor-advisory

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

Resource:

vendor-advisory

x_transferred

Hyperlink: https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Resource:

mailing-list

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-404	CWE-404 Improper Resource Shutdown or Release

Type: CWE

CWE ID: CWE-404

Description: CWE-404 Improper Resource Shutdown or Release

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:06 Feb, 2023 | 21:15

Updated At:26 Mar, 2025 | 15:15

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CPE Matches

ImageMagick Studio LLC

>>imagemagick>>7.1.0-49

cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-404	Primary	nvd@nist.gov
CWE-404	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-404

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-404

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://imagemagick.org/	cve@mitre.org	Product
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/	cve@mitre.org	N/A
https://www.debian.org/security/2023/dsa-5347	cve@mitre.org	N/A
https://www.metabaseq.com/imagemagick-zero-days/	cve@mitre.org	Exploit Third Party Advisory
https://imagemagick.org/	af854a3a-2127-422b-91ae-364da2661108	Product
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.debian.org/security/2023/dsa-5347	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.metabaseq.com/imagemagick-zero-days/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory

Hyperlink: https://imagemagick.org/

Source: cve@mitre.org

Resource:

Product

Hyperlink: https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.debian.org/security/2023/dsa-5347

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.metabaseq.com/imagemagick-zero-days/

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://imagemagick.org/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Product

Hyperlink: https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.debian.org/security/2023/dsa-5347

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.metabaseq.com/imagemagick-zero-days/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Third Party Advisory

Similar CVEs

109Records found

CVE-2022-3816

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 65.46%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 mp4decrypt memory leak

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-3809

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 54.62%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-3817

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.50% / 65.46%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 mp4mux memory leak

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-3815

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.51%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 mp4decrypt memory leak

A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-3807

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.51%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 Incomplete Fix CVE-2019-13238 resource consumption

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CWE ID-CWE-252

Unchecked Return Value

CVE-2022-3814

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 52.51%

7 Day CHG~0.00%

Published-01 Nov, 2022 | 00:00

Updated-15 Apr, 2025 | 13:18

Axiomatic Bento4 mp4decrypt memory leak

A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680.

Vendor-Axiomatic Systems, LLC

Product-bento4 Bento4

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-35191

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.70% / 71.55%

7 Day CHG~0.00%

Published-22 Aug, 2022 | 23:35

Updated-03 Aug, 2024 | 09:29

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.

Vendor-n/a D-Link Corporation

Product-dsl-3782_firmware dsl-3782 n/a

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-28875

Matching Score-4

Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f

View Details

Matching Score-4

Assigner-126858f1-1b65-4b74-81ca-7034f7f7723f

CVSS Score-4.3||MEDIUM

EPSS-0.25% / 48.06%

7 Day CHG~0.00%

Published-25 May, 2022 | 15:09

Updated-03 Aug, 2024 | 06:03

Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Vendor-Apple Inc.F-Secure Corporation Microsoft Corporation

Product-linux_security cloud_protection_for_salesforce elements_endpoint_protection atlant elements_collaboration_protection elements_endpoint_detection_and_response windows macos internet_gatekeeper All F-Secure & WithSecure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit). F-Secure Linux Security (64-bit). F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-1289

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.31% / 53.97%

7 Day CHG~0.00%

Published-10 Apr, 2022 | 15:15

Updated-15 Apr, 2025 | 14:41

tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.

Vendor-tildearrow tildearrow

Product-furnace Furnace

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-44267

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs