CVE-2022-32545
📋 TL;DR
This CVE-2022-32545 is an integer overflow vulnerability in ImageMagick's PSD file parser. When processing specially crafted or untrusted PSD files, it can cause undefined behavior leading to application crashes or potential code execution. Any system using vulnerable ImageMagick versions to process untrusted image files is affected.
💻 Affected Systems
- ImageMagick
- ImageMagick6
📦 What is this software?
Extra Packages For Enterprise Linux by Fedoraproject
View all CVEs affecting Extra Packages For Enterprise Linux →
Fedora by Fedoraproject
Imagemagick by Imagemagick
Imagemagick by Imagemagick
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise if the integer overflow can be leveraged for memory corruption attacks.
Likely Case
Application denial of service through crashes when processing malicious PSD files, potentially disrupting image processing services.
If Mitigated
Limited to application crashes with proper sandboxing and input validation in place.
🎯 Exploit Status
Exploitation requires crafting a malicious PSD file. While no public PoC exists, the vulnerability is in file parsing code that processes untrusted input.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ImageMagick 7.1.0-39 and ImageMagick6 6.9.12-39
Vendor Advisory: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
Restart Required: Yes
Instructions:
1. Update ImageMagick using your package manager: 'sudo apt update && sudo apt upgrade imagemagick' (Debian/Ubuntu) or 'sudo yum update imagemagick' (RHEL/CentOS). 2. Restart any services using ImageMagick. 3. Verify the update with 'convert --version'.
🔧 Temporary Workarounds
Disable PSD format support
linuxRemove PSD format from ImageMagick's supported formats to prevent processing of malicious PSD files
Edit /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml
Add: <policy domain="coder" rights="none" pattern="PSD" />
Input validation and sandboxing
allImplement strict input validation for uploaded files and run ImageMagick in restricted environments
Implement file type verification before processing
Use chroot or containerization for ImageMagick processes
🧯 If You Can't Patch
- Implement strict file upload validation to reject PSD files from untrusted sources
- Isolate ImageMagick processing to dedicated, restricted environments with minimal privileges
🔍 How to Verify
Check if Vulnerable:
Check ImageMagick version with 'convert --version' or 'magick --version'. If version is below 7.1.0-39 (ImageMagick7) or 6.9.12-39 (ImageMagick6), system is vulnerable.Check Version:
convert --version | head -1Verify Fix Applied:
After patching, verify version is 7.1.0-39 or higher (ImageMagick7) or 6.9.12-39 or higher (ImageMagick6) using 'convert --version'.📡 Detection & Monitoring
Log Indicators:
- ImageMagick process crashes or segmentation faults when processing PSD files
- Error messages containing 'coders/psd.c' or 'unsigned char' overflow
Network Indicators:
- Unusual uploads of PSD files to image processing endpoints
- Multiple failed image processing attempts
SIEM Query:
process.name:"convert" AND (event.action:"segmentation fault" OR event.action:"crash") AND file.extension:"psd"🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=2091811
- https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
- https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa
- https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2091811
- https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
- https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa
- https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html
