Vulnerability DatabaseCVE-2022-32546

CVE-2022-32546:
ImageMagick vulnerability analysis and mitigation

Overview

A vulnerability was discovered in ImageMagick (CVE-2022-32546) that causes an issue with values outside the range of representable values of type 'unsigned long' in the coders/pcl.c file. The vulnerability was reported on May 31, 2022, and affects ImageMagick versions prior to 6.9.12-44 and versions from 7.1.0 up to (excluding) 7.1.0-29 (NVD).

Technical details

The vulnerability occurs in the PCL image processing component of ImageMagick, specifically in the coders/pcl.c file. The issue arises when processing crafted or untrusted input, leading to undefined behavior due to values exceeding the representable range of the 'unsigned long' data type. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Impact

When exploited, this vulnerability can lead to a negative impact on application availability and other problems related to undefined behavior when processing specially crafted input files (NVD).

Mitigation and workarounds

The vulnerability has been fixed in ImageMagick versions 6.9.12-44 and 7.1.0-29. The fix involves using CastDoubleToLong() function to properly handle the value conversion in the PCL coder (ImageMagick Commit, Debian Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.8

Score

Published June 16, 2022

Severity HIGH

CNA Score N/A

Affected Technologies

ImageMagick
Linux Debian

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 30.5

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

ImageMagick
libMagick++-7_Q16HDRI4

Sources

Alpine Security Tracker
- Alpine 3.15 Severity HIGHHas FixAdded at: Dec 03, 2023
- Alpine 3.16 Severity HIGHHas FixAdded at: Oct 09, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Chainguard
- Chainguard Has FixAdded at: Sep 03, 2025
Debian Security Tracker
- Debian 9 Severity MEDIUMNo FixAdded at: Jun 17, 2022
- Debian 10, 11, 12 Severity HIGHHas FixAdded at: Jun 17, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: May 06, 2024
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity HIGHHas FixAdded at: Oct 10, 2023
Photon Security Advisory
- Photon 3.0 Severity HIGHHas FixAdded at: Jul 13, 2022
- Photon 4.0 Severity HIGHHas FixAdded at: Jul 22, 2022
Red Hat Errata
- Red Hat 6, 7 Severity LOWNo FixAdded at: Jun 09, 2022
Seal Security
- Red Hat 7 Severity HIGHHas FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 14.04, 18.04, 20.04, 22.04, 22.10 Severity MEDIUMHas FixAdded at: Nov 27, 2022
- Ubuntu 16.04 Severity MEDIUMHas FixAdded at: Jul 27, 2022
- Ubuntu 23.04 Severity MEDIUMHas FixAdded at: May 14, 2023
- Ubuntu 23.10 Severity MEDIUMHas FixAdded at: Oct 31, 2023
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: May 06, 2024
- Ubuntu 24.10 Severity MEDIUMHas FixAdded at: Dec 10, 2024
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025
- Ubuntu 25.10 Severity MEDIUMHas FixAdded at: Oct 13, 2025
Wolfi
- Wolfi Has FixAdded at: Sep 01, 2025
NVD
- Linux Severity HIGHHas FixAdded at: May 29, 2023
- Windows Severity HIGHHas FixAdded at: Jun 26, 2022

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related ImageMagick vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23876	HIGH	8.1	ImageMagick	ImageMagick	No	No	Jan 20, 2026
CVE-2025-69204	HIGH	7.5	ImageMagick	ImageMagick-config-7-upstream-websafe	No	Yes	Dec 30, 2025
CVE-2026-22770	MEDIUM	6.5	ImageMagick	ImageMagick	No	No	Jan 20, 2026
CVE-2025-68950	MEDIUM	6.2	C#	perl-PerlMagick	No	Yes	Dec 30, 2025
CVE-2026-23874	MEDIUM	5.5	ImageMagick	ImageMagick-perl	No	No	Jan 20, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-32546: ImageMagick vulnerability analysis and mitigation