Arbitrary File Content Disclosure in ImageMagick 7.1.0-49

Arbitrary File Content Disclosure in ImageMagick 7.1.0-49

CVE-2022-44268 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).

Learn more about our Web Application Penetration Testing UK.