Vulnerability in ImageMagick that leaks the contents of local files

CVE-2022-44268 has been identified in ImageMagick, a package web developers commonly use to convert and resize images. The flaw lets an attacker leak the contents of local files by submitting a specially crafted PNG: systems are affected if they process externally supplied images with ImageMagick and then let the result of the conversion be downloaded.

The vulnerability is caused by the way ImageMagick handles PNG text metadata: when reading a PNG, a text chunk whose keyword is "profile" is treated not as a comment but as the name of a file to read and embed as a profile in the resulting image. For an attack it is therefore enough to add a "profile" text chunk containing the desired path (for example "/etc/passwd") to a PNG; when that image is processed, for example resized, the contents of the named file end up inside the output file, which the attacker then retrieves. If "-" is given instead of a file name, the handler blocks waiting for data on standard input, which can be used for a denial of service (CVE-2022-44267).
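The mechanism above suggests a simple pre-processing check: parse the PNG chunk list and refuse any image whose tEXt, zTXt or iTXt chunk carries the keyword "profile" before ImageMagick ever sees it. The script below is an added example written for this article; it is not code from ImageMagick or from the public exploit generator. It relies only on the chunk layout defined by the PNG specification, and goes slightly beyond the article by checking all three text chunk types, since the keyword sits in the same position in each. The `build_sample_png` helper builds a constructed 1x1 fixture so the scanner can be exercised offline; the chunk contents it produces are test data, not a captured sample.

```python
"""Scan a PNG for text chunks keyed "profile" (CVE-2022-44268 / CVE-2022-44267 precondition)."""
import struct
import sys
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}


def iter_chunks(data: bytes):
    """Yield (chunk_type, body) for every chunk, verifying lengths and CRCs."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError("truncated chunk body")
        body = data[pos + 8:pos + 8 + length]
        crc, = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def text_chunk_keyword(ctype: bytes, body: bytes):
    """Return (keyword, text) for a tEXt/zTXt/iTXt chunk body, inflating compressed text."""
    keyword, sep, rest = body.partition(b"\x00")
    if not sep:
        return keyword, b""
    if ctype == b"tEXt":
        return keyword, rest
    if ctype == b"zTXt":
        # rest = compression method (0 = zlib) followed by the compressed text
        return keyword, zlib.decompress(rest[1:]) if rest[:1] == b"\x00" else b""
    # iTXt: compression flag, compression method, language tag\0, translated keyword\0, text
    if len(rest) < 2:
        return keyword, b""
    flag, method = rest[0], rest[1]
    _lang, _, rest = rest[2:].partition(b"\x00")
    _translated, _, text = rest.partition(b"\x00")
    if flag == 1 and method == 0:
        text = zlib.decompress(text)
    return keyword, text


def find_profile_directives(png: bytes):
    """Return [(chunk_type, value)] for every text chunk whose keyword is "profile".

    The comparison is case-insensitive to stay on the conservative side; the value is
    the path (or "-" for stdin) that a vulnerable ImageMagick would try to read.
    """
    hits = []
    for ctype, body in iter_chunks(png):
        if ctype not in TEXT_CHUNKS:
            continue
        keyword, text = text_chunk_keyword(ctype, body)
        if keyword.lower() == b"profile":
            hits.append((ctype.decode("ascii"), text.decode("latin-1")))
    return hits


def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


def build_sample_png(text_chunks):
    """Constructed 1x1 grayscale PNG carrying the given (chunk_type, keyword, text) entries. Test fixture only."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit, greyscale
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
    for ctype, keyword, text in text_chunks:
        if ctype == b"tEXt":
            body = keyword + b"\x00" + text
        elif ctype == b"zTXt":
            body = keyword + b"\x00\x00" + zlib.compress(text)
        else:  # iTXt, uncompressed, empty language tag and translated keyword
            body = keyword + b"\x00\x00\x00\x00\x00" + text
        out += _chunk(ctype, body)
    return out + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    # Usage: python scan_png_profile.py image.png  (exit status 1 if a "profile" chunk is present)
    with open(sys.argv[1], "rb") as fh:
        found = find_profile_directives(fh.read())
    for chunk_type, value in found:
        print(f"{chunk_type} chunk with keyword 'profile' -> {value!r}")
    sys.exit(1 if found else 0)
```

Run it on every upload before handing the file to ImageMagick, and treat a non-zero exit as a reason to reject the image rather than to strip the chunk: rewriting untrusted PNGs in place is easy to get subtly wrong, and a client that legitimately needs a "profile" text chunk in user uploads is hard to imagine.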

At the time of publication no release containing a fix was available, but the ImageMagick developers recommended, as a workaround that blocks the leak, adding a rule to the security policy that restricts access to the relevant file paths. For example, to deny access to absolute and relative paths in policy.xml, you can add:

A script that generates PNG images exploiting the vulnerability has already been published.



Source: opennet.ru
