Improper Resource Shutdown or Release

CVE-2022-44267

Severity Medium
Score 6.5/10

Summary

ImageMagick versions through 7.1.0-51, 7.1.0-6, 7.1.0-7 through 7.1.0-9 and ImageMagick6 versions through 6.9.12-66, 6.9.12-7, 6.9.12-8 through 6.9.12-9 are vulnerable to Denial of Service. When it parses a PNG image (e.g., for resizing), the converting process could be left waiting for stdin input. This has the same fix as CVE-2022-44268.
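A caller-side containment for the hang described above, written as an added example (not code from this advisory or from ImageMagick): the conversion is launched with stdin bound to the null device, so a read from stdin returns end-of-file at once, and a hard timeout backs that up. `run_converter` and the stand-in child commands are hypothetical names constructed for the illustration; a real deployment would pass its own ImageMagick command line as `argv`.

```python
import subprocess
import sys

# Constructed stand-in for a converter that ends up reading from stdin.
STDIN_READER = [sys.executable, "-c", "import sys; sys.stdin.read()"]


def run_converter(argv, timeout_s=30.0, close_stdin=True):
    """Run a conversion command; return (status, returncode).

    status is "ok", "failed" or "timeout". With close_stdin=True the child
    gets the null device as stdin, so it can never block waiting for input.
    close_stdin=False keeps an open pipe, reproducing the hang for comparison.
    """
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL if close_stdin else subprocess.PIPE,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    try:
        rc = proc.wait(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # Backstop: never let a stuck worker hold a slot indefinitely.
        proc.kill()
        proc.wait()
        return ("timeout", None)
    finally:
        if proc.stdin is not None:
            proc.stdin.close()
    return ("ok" if rc == 0 else "failed", rc)


if __name__ == "__main__":
    # Open stdin: the child waits for input until the timeout kills it.
    print("open stdin  :", run_converter(STDIN_READER, 1.0, close_stdin=False))
    # Null stdin: the same child sees EOF and exits immediately.
    print("null stdin  :", run_converter(STDIN_READER, 20.0))
```

This only bounds the impact of a stuck conversion; it does not replace the fix the advisory refers to.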

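  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: REQUIRED
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH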

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Advisory Timeline

  • Published