ImageMagick 7.1.0-49 – DoS

• Exploit Database
• 24 阅读

• 作者： nu11secur1ty
  日期： 2023-04-05
• 类别：

  • dos
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51256/

• ## Exploit Title: ImageMagick 7.1.0-49 - DoS
  ## Author: nu11secur1ty
  ## Date: 02.07.2023
  ## Vendor: https://imagemagick.org/
  ## Software: https://imagemagick.en.uptodown.com/windows/download/82953605
  ## Reference: https://portswigger.net/daily-swig/denial-of-service
  ## CVE-ID: CVE-2022-44267
  
  ## Description:
  ImageMagick 7.1.0-49 is vulnerable to Denial of Service.
  When it parses a PNG image (e.g., for resize), the convert process
  could be left waiting for stdin input.
  The attacker can easily send a malicious png file to the victim and
  then when the victim has opened this png he will crash the program.
  
  STATUS: HIGH Vulnerability
  
  [+]Payload:
  [href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-44267/PoC)
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-44267)
  
  ## Proof and Exploit:
  [href](https://streamable.com/l7z79c)
  
  ## Time spend:
  00:30:00
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html
  https://cxsecurity.com/ and https://www.exploit-db.com/
  0day Exploit DataBase https://0day.today/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>