CVE-2022-32547

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
imagemagick	24.10 oracular	Fixed 8:6.9.11.60+dfsg-1.3ubuntu1
	24.04 LTS noble	Fixed 8:6.9.11.60+dfsg-1.3ubuntu1
	23.10 mantic	Fixed 8:6.9.11.60+dfsg-1.3ubuntu1
	23.04 lunar	Fixed 8:6.9.11.60+dfsg-1.3ubuntu1
	22.10 kinetic	Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
	22.04 LTS jammy	Fixed 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm1 Ubuntu Pro
	21.10 impish	Ignored end of life
	20.04 LTS focal	Fixed 8:6.9.10.23+dfsg-2.1ubuntu11.9
	18.04 LTS bionic	Fixed 8:6.9.7.4+dfsg-16ubuntu6.14
	16.04 LTS xenial	Fixed 8:6.8.9.9-7ubuntu5.16+esm4 Ubuntu Pro
	14.04 LTS trusty	Fixed 8:6.7.7.10-6ubuntu3.13+esm3 Ubuntu Pro

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-5534-1
ImageMagick vulnerabilities
26 July 2022

USN-5736-1
ImageMagick vulnerabilities
24 November 2022

USN-5736-2
ImageMagick vulnerabilities
24 November 2022

USN-6200-1
ImageMagick vulnerabilities
4 July 2023