PSA: ImageMagick information disclosure vulnerability CVE-2022-44268

PaulB

Well-known member
ImageMagick just released a patch for a serious information disclosure vulnerability. I haven't tested whether this affects XenForo, but it probably does. You should disable ImageMagick and use GD instead, if possible; ImageMagick is prone to serious vulnerabilities. If that isn't an option, check whether your distro has released updated packages for ImageMagick that patch CVE-2022-44268.

Details: https://www.metabaseq.com/imagemagick-zero-days/#:~:text=CVE-2022-44268: Arbitrary Remote Leak

As of writing:
 
Last edited:
ImageMagick just released a patch for a serious information disclosure vulnerability. I haven't tested whether this affects XenForo, but it probably does. You should disable ImageMagick and use GD instead, if possible; ImageMagick is prone to serious vulnerabilities. If that isn't an option, check whether your distro has released updated packages for ImageMagick that patch CVE-2022-44267.

Details: https://www.metabaseq.com/imagemagick-zero-days/#:~:text=CVE-2022-44267: Denial of service

As of writing:

The latest version is: ImageMagick-7.1.0-62
The affected version is : ImageMagick 7.1.0-49 https://security-tracker.debian.org/tracker/source-package/imagemagick
 
I've edited the post, title, and links to include the correct CVE ID. I had specified CVE-2022-44267, which was discovered at the same time but is less severe. The correct CVE ID is CVE-2022-44268.
 

Attachments

@eva2000 Safe to assume a fresh #15 on Centminmod will fix this?
Yup :)

Code:
php -v
PHP 8.0.28 (cli) (built: Feb 14 2023 23:58:08) PGO ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.28, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.28, Copyright (c), by Zend Technologies
Code:
php --ri imagick

imagick

imagick module => enabled
imagick module version => 3.7.0
imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
Imagick compiled with ImageMagick version => ImageMagick 6.9.12-77 Q16 x86_64 17704 https://legacy.imagemagick.org
Imagick using ImageMagick library version => ImageMagick 6.9.12-77 Q16 x86_64 17704 https://legacy.imagemagick.org
ImageMagick copyright => (C) 1999 ImageMagick Studio LLC
ImageMagick release date => 2023-02-12
ImageMagick number of supported formats:  => 245
ImageMagick supported formats => 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV

Directive => Local Value => Master Value
imagick.allow_zero_dimension_images => 0 => 0
imagick.locale_fix => 0 => 0
imagick.progress_monitor => 0 => 0
imagick.set_single_thread => 1 => 1
imagick.shutdown_sleep_count => 10 => 10
imagick.skip_version_check => 0 => 0

Here's a script you can use to check whether your web server is in a vulnerable state. It's based on the proof-of-concept provided by the security researchers who reported the vulnerability.

Please DO NOT leave this running on your web server--delete it when you're done. Read and understand the script before using it, as it hasn't been rigorously tested.
Thanks, seems the test PHP script is missing a semi-colon on line 48
PHP:
    if (PHP_SAPI === 'cli') {
        echo "Debug info:\n"
        var_export($profiles);
        echo "\n";
    } else {
        echo "Run this script from the command line to view debug info.\n";
    }

For PHP 8.0.28
Code:
System probably isn't vulnerable--but please upgrade your PHP version. :(


Exit status: 0
 
DirectAdmin on Rocky8 with PHP8.1
Code:
System probably isn't vulnerable.


Exit status: 0

Code:
# php --ri imagick

imagick

imagick module => enabled
imagick module version => 3.7.0
imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
Imagick compiled with ImageMagick version => ImageMagick 7.1.0-57 Q16-HDRI x86_64 d68553b17:20221230 https://imagemagick.org
Imagick using ImageMagick library version => ImageMagick 7.1.0-57 Q16-HDRI x86_64 d68553b17:20221230 https://imagemagick.org
ImageMagick copyright => (C) 1999 ImageMagick Studio LLC
ImageMagick release date => 2022-12-30
ImageMagick number of supported formats:  => 245
ImageMagick supported formats => 3FR, 3G2, 3GP, A, AAI, AI, APNG, ART, ARW, ASHLAR, AVI, AVS, B, BAYER, BAYERA, BGR, BGRA, BGRO, BMP, BMP2, BMP3, BRF, C, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUBE, CUR, CUT, DATA, DCM, DCR, DCRAW, DCX, DDS, DFONT, DNG, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, ERF, FARBFELD, FAX, FF, FILE, FITS, FL32, FLV, FRACTAL, FTP, FTS, FTXT, G, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, JNG, JNX, JPE, JPEG, JPG, JPS, JSON, K, K25, KDC, LABEL, M, M2V, M4V, MAC, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, O, ORA, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PHM, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PS, PS2, PS3, PSB, PSD, PWP, QOI, R, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGB565, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCREENSHOT, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, STRIMG, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TILE, TIM, TM2, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMV, WPG, X3F, XBM, XC, XCF, XPM, XPS, XV, Y, YAML, YCbCr, YCbCrA, YUV

Directive => Local Value => Master Value
imagick.locale_fix => 0 => 0
imagick.skip_version_check => 0 => 0
imagick.progress_monitor => 0 => 0
imagick.set_single_thread => 1 => 1
imagick.shutdown_sleep_count => 10 => 10
imagick.allow_zero_dimension_images => 0 => 0
 
Back
Top Bottom