Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-32547
CVE-2022-32547:
ImageMagick vulnerability analysis and mitigation
Overview
CVE-2022-32547 is a vulnerability discovered in ImageMagick affecting versions prior to 6.9.12-45 and 7.1.0-30. The vulnerability involves a load of misaligned address for type 'double' (requiring 8-byte alignment) and type 'float' (requiring 4-byte alignment) at MagickCore/property.c (NVD, RedHat Bugzilla).
Technical details
The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue occurs specifically in the MagickCore/property.c file where misaligned memory addresses are accessed for float and double data types (NVD).
Impact
When crafted or untrusted input is processed by ImageMagick, this vulnerability causes a negative impact to application availability and other problems related to undefined behavior (NVD).
Mitigation and workarounds
The vulnerability has been fixed in ImageMagick versions 6.9.12-45 and 7.1.0-30. The fix involves modifying the handling of float and double values using ReadPropertySignedLong instead of direct pointer dereferencing (ImageMagick Commit).
Additional resources
Source: This report was generated using AI
Related ImageMagick vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management