CVE-2022-32546

Name
CVE-2022-32546
Description
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2091812
MISC https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943
MLIST https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* imagemagick >= 7.1.0 < 7.1.0-29
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* imagemagick >= None < 6.9.12-44

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
imagemagick 3.17-community 7.1.0.62-r0 Natanael Copa <ncopa@alpinelinux.org> fixed