Yet More ImageMagick Vulnerabilities


ImageMagick is a popular open-source image manipulation library used by many websites and software applications to process and display images. A couple of vulnerabilities have recently been discovered in ImageMagick by MetabaseQ.

Two vulnerabilities, CVE-2022-44267 and CVE-2022-44268, allow attackers to read arbitrary files and cause a denial of service (DoS) on the affected system. The payloads that exploit these vulnerabilities are simple, which makes them easier for attackers to take advantage of.

Example of first exploitation payload

Payload exploiting CVE-2022-44267 makes ImageMagick try to read the content from standard input, potentially leaving the process waiting forever.

Example of second exploitation payload (CVE-2022-44268)

ImageMagick is a widely used open-source image manipulation library because of its versatility and ease of use. It provides a suite of command-line tools and a library that can be used to perform a wide range of image-processing tasks, such as resizing, cropping, and converting images between different formats. 

Many popular software applications and websites use ImageMagick to process and display images. For example, some content management systems (CMS), such as WordPress and Drupal, use ImageMagick to resize and crop images uploaded by users. ImageMagick has also been integrated into many software development tools, such as programming languages like PHP, Ruby, and Python, making it easier for developers to incorporate image-processing capabilities into their applications.

This is not the first time a vulnerability has been discovered in ImageMagick. There is even a separate site (ImageTragick) describing some dangerous vulnerabilities that were discovered 6 years ago. These vulnerabilities let the attacker execute code and read, move, and delete files. For years after they were disclosed, security researchers kept finding vulnerable versions of this library in use all over the internet. This kind of third-party dependency is really hard to find and eradicate.

It is important for users and administrators to stay vigilant and keep their software updated to ensure that they are protected from potential security threats. Additionally, users and administrators should carefully evaluate the image sources they work with and limit the types of image formats that ImageMagick is configured to process.
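The stdin wait described for CVE-2022-44267 and the advice to limit accepted formats can both be applied in the code that invokes ImageMagick. The sketch below is an added example, not code from MetabaseQ, ImageMagick or Wallarm; the `magick` command line, the three-format allowlist, the resize size and the timeout are assumptions.

```python
import subprocess
import sys

# Allowlist of accepted formats and their magic bytes (assumed: the app needs only these).
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8"}

def sniff_format(data: bytes):
    """Return the allowlisted format matching the file's leading bytes, else None."""
    for fmt, magic in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None

def build_argv(fmt, src, dst, size="256x256"):
    """Pin the coder with an explicit 'fmt:' prefix instead of letting it be guessed.
    Assumes the ImageMagick 7 'magick' binary and a resize job."""
    return ["magick", f"{fmt}:{src}", "-resize", size, f"{fmt}:{dst}"]

def run_bounded(argv, timeout=10.0):
    """Run a converter with stdin on /dev/null and a hard time limit.
    Returns 'ok', 'failed' (non-zero exit or not runnable) or 'timeout' (killed)."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"      # subprocess.run has already killed the child
    except OSError:
        return "failed"       # e.g. binary not installed
    return "ok" if proc.returncode == 0 else "failed"

def process_upload(data, src, dst, timeout=10.0):
    """Gate an upload already saved at src: reject unknown formats, then convert."""
    fmt = sniff_format(data)
    if fmt is None:
        return "rejected"
    return run_bounded(build_argv(fmt, src, dst), timeout)

if __name__ == "__main__":
    # Constructed stand-ins for a converter, so the demo runs without ImageMagick.
    reads_stdin = [sys.executable, "-c", "import sys; sys.stdin.read()"]
    hangs = [sys.executable, "-c", "import time; time.sleep(30)"]
    print(run_bounded(reads_stdin))        # stdin is /dev/null, so the read ends at EOF
    print(run_bounded(hangs, timeout=1))   # killed after one second
    print(process_upload(b"<svg xmlns='http://www.w3.org/2000/svg'/>", "in", "out"))
```

This bounds a hung conversion and narrows the formats that reach ImageMagick; it does not replace updating the library.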

Wallarm End-to-End API Security can protect against this type of attack. The Wallarm Detection Team has checked these new exploit vectors for ImageMagick and has definitively determined that our product will protect your applications.


