FileToStringInfo to store the content into string_info->datum, (MagickCore/string.c:1005):.Copying the text string as filename in line 4720 and saving the content in line 4722:.Checking if keyword equals to “profile”:.SetImageProfile (MagickCore/property.c:4360):.Upload image to trigger ImageMagick command, like “convert”.If the specified filename is “-“ (a single dash) ImageMagick will try to read the content from standard input potentially leaving the process waiting forever. If the keyword is the string “profile” (without quotes) then ImageMagick will interpret the text string as a filename and will load the content as a raw profile. These types have a keyword and a text string. When ImageMagick parses a PNG file, for example in a resize operation when receiving an image, the convert process could be left waiting for stdin input leading to a Denial of Service since the process won’t be able to process other images.Ī malicious actor could craft a PNG or use an existing one and add a textual chunk type (e.g., tEXt). In this blog, the technical details of the vulnerabilities are explained. The Ocelot team is very grateful for the team of volunteers of ImageMagick, who validated and released the patches needed in a timely manner: When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary remote file (if the ImageMagick binary has permissions to read it).Īn attacker needs to upload a malicious image to a website using ImageMagick, in order to exploit the above mentioned vulnerabilities remotely. CVE-2022-44268: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure.When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. CVE-2022-44267: ImageMagick 7.1.0-49 is vulnerable to Denial of Service.As a result, two zero days were identified: In a recent APT Simulation engagement, the Ocelot team identified that ImageMagick was used to process images in a Drupal-based website, and hence, the team decided to try to find new vulnerabilities in this component, proceeding to download the latest version of ImageMagick, 7.1.0-49 at that time. It can read and write over 200 image file formats and, therefore, is very common to find it in websites worldwide since there is always a need to process pictures for users’ profiles, catalogs, etc. ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. By Bryan Gonzalez from Ocelot Team Introduction
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |