Improper Resource Shutdown or Release
CVE-2022-44267
Summary
ImageMagick versions through 7.1.0-51, 7.1.0-6, 7.1.0-7 through 7.1.0-9 and ImageMagick6 versions through 6.9.12-66, 6.9.12-7, 6.9.12-8 through 6.9.12-9 are vulnerable to Denial of Service. When it parses a PNG image (e.g., for resizing), the converting process could be left waiting for stdin input. This has the same fix as CVE-2022-44268.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.
References
Advisory Timeline
- Published