CVE-2022-48541

7.1 HIGH

📋 TL;DR

A memory leak vulnerability in ImageMagick allows remote attackers to cause denial of service by triggering the 'identify -help' command. This affects systems running vulnerable versions of ImageMagick where the identify utility is exposed to untrusted input. The vulnerability can be exploited without authentication.

💻 Affected Systems

Products:
  • ImageMagick
Versions: ImageMagick 7.0.10-45 and 6.9.11-22
Operating Systems: Linux, Unix-like systems, Windows (if ImageMagick installed)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with vulnerable ImageMagick versions where the 'identify' command can be invoked with untrusted input.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system resource exhaustion leading to service unavailability and potential system instability or crash.

🟠

Likely Case

Degraded performance or service disruption of applications using ImageMagick for image processing.

🟢

If Mitigated

Minimal impact if ImageMagick is not exposed to untrusted input or if resource limits are enforced.

🌐 Internet-Facing: MEDIUM - Exploitable remotely but requires specific command execution; risk depends on application exposure.
🏢 Internal Only: LOW - Requires local or internal access to execute commands; lower risk in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to trigger the 'identify -help' command; often through web applications or scripts that process user input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ImageMagick 7.0.10-46 and 6.9.11-23

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/issues/2889

Restart Required: No

Instructions:

1. Update ImageMagick to version 7.0.10-46 or 6.9.11-23 or later.
2. For Linux systems: use the package manager (apt, yum, dnf) to update.
3. For source installations: download and compile the latest version from the ImageMagick website.

🔧 Temporary Workarounds

Restrict identify command usage

all

Limit or disable the 'identify' command from being invoked with untrusted input.

# Configure application to not pass user input to identify command
# Use input validation and sanitization

Implement resource limits

linux

Set memory and process limits to prevent resource exhaustion.

ulimit -v 1048576
# Set memory limit to 1GB
# Configure systemd or container limits

🧯 If You Can't Patch

  • Isolate ImageMagick usage to trusted environments only.
  • Monitor system resources and implement alerting for abnormal memory consumption.

🔍 How to Verify

Check if Vulnerable:

Run 'identify --version' and check if version is 7.0.10-45 or 6.9.11-22.

Check Version:

identify --version

Verify Fix Applied:

Confirm version is 7.0.10-46 or 6.9.11-23 or later using 'identify --version'.
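
An added example (not part of the original advisory, and not ImageMagick's own tooling): a POSIX shell check that classifies an `identify --version` banner against the affected and patched versions listed on this page. The function names and sample banners are constructed for illustration; releases older than the listed affected ones get their own label because this page does not state their status.

```shell
# Added example: classify an ImageMagick banner against this page's versions.
# Function names are hypothetical; the sample banners below are constructed.

# Pull "MAJOR.MINOR.PATCH-REV" out of a banner line (empty output if absent).
im_extract_version() {
  printf '%s\n' "$1" |
    sed -n 's/.*ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
    head -n 1
}

# Compare two MAJOR.MINOR.PATCH-REV strings numerically; prints -1, 0 or 1.
im_vercmp() {
  old_ifs=$IFS; IFS='.-'
  set -- $1 $2            # split both versions into 4 + 4 numeric fields
  IFS=$old_ifs
  for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
    a=${pair%%:*}; b=${pair##*:}
    [ "$a" -lt "$b" ] && { echo -1; return 0; }
    [ "$a" -gt "$b" ] && { echo 1; return 0; }
  done
  echo 0
}

# Versions taken from this page:
#   affected 7.0.10-45 / 6.9.11-22, fixed in 7.0.10-46 / 6.9.11-23 or later.
im_cve_2022_48541_status() {
  v=$(im_extract_version "$1")
  [ -n "$v" ] || { echo "unknown"; return 0; }
  case $v in
    7.*) affected=7.0.10-45 fixed=7.0.10-46 ;;
    6.*) affected=6.9.11-22 fixed=6.9.11-23 ;;
    *)   echo "unknown"; return 0 ;;
  esac
  if [ "$(im_vercmp "$v" "$fixed")" -ge 0 ]; then echo "fixed"
  elif [ "$v" = "$affected" ]; then echo "vulnerable"
  else echo "older-than-listed"   # status of older releases is not given here
  fi
}

# Live use: im_cve_2022_48541_status "$(identify --version | head -n 1)"
# Constructed sample banners (first line of `identify --version` output):
for banner in \
  'Version: ImageMagick 7.0.10-45 Q16 x86_64 2020-11-29 https://imagemagick.org' \
  'Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org'
do
  printf '%s -> %s\n' "$(im_extract_version "$banner")" \
    "$(im_cve_2022_48541_status "$banner")"
done
```

The numeric comparison matters because a plain string comparison would rank 7.0.10-9 above 7.0.10-46.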

📡 Detection & Monitoring

Log Indicators:

  • Repeated 'identify -help' command executions
  • Abnormal memory usage spikes in processes using ImageMagick

Network Indicators:

  • HTTP requests to endpoints that trigger image processing with suspicious parameters

SIEM Query:

process.name:"identify" AND process.args:"-help"
