What the vulnerability does

01Description

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

Key dates

02Disclosure timeline

August 29, 2022 CVE published
August 2, 2024 Record updated