Skip to main content

Extra Packages For Enterprise Linux CVE-2022-2719

MEDIUM
Reachable Assertion (CWE-617)
2022-08-10 secalert@redhat.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 10, 2022 - 20:15 nvd
MEDIUM 5.5

DescriptionNVD

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

AnalysisAI

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-617. In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. Affected products include: Fedoraproject Extra Packages For Enterprise Linux, Imagemagick, Fedoraproject Fedora. Version information: version 7.1.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-34152 CRITICAL POC
9.8 May 30

A vulnerability was found in ImageMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable

CVE-2022-25648 CRITICAL POC
9.8 Apr 19

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (C

CVE-2021-21897 HIGH POC
8.8 Sep 08

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. Rat

CVE-2021-38714 HIGH POC
8.8 Aug 24

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated hi

CVE-2023-34432 HIGH POC
7.8 Jul 10

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated h

CVE-2023-34153 HIGH POC
7.8 May 30

A vulnerability was found in ImageMagick. Rated high severity (CVSS 7.8), this vulnerability is no authentication requir

CVE-2022-0367 HIGH POC
7.8 Aug 29

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity

CVE-2022-24882 HIGH POC
7.5 Apr 26

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2021-23727 HIGH POC
7.5 Dec 29

This affects the package celery before 5.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable

CVE-2020-9274 HIGH POC
7.5 Feb 26

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,

CVE-2021-20247 HIGH POC
7.4 Feb 23

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely expl

CVE-2020-7106 MEDIUM POC
6.1 Jan 16

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automatio

Share

CVE-2022-2719 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy