CVE-2022-32545 Overview
A vulnerability was discovered in ImageMagick involving an integer overflow condition in the PSD image file processing code. When crafted or untrusted input is processed, the vulnerability causes values outside the range of representable values of type 'unsigned char' at coders/psd.c. This leads to a negative impact on application availability and other problems related to undefined behavior.
Critical Impact
This integer overflow vulnerability in ImageMagick's PSD parser can be exploited through maliciously crafted image files, potentially leading to application crashes, denial of service, or undefined behavior that could be leveraged for further exploitation.
Affected Products
- ImageMagick (multiple versions)
- Fedora Project Extra Packages for Enterprise Linux 8.0
- Fedora 36
- Red Hat Enterprise Linux 7.0
Discovery Timeline
- June 16, 2022 - CVE-2022-32545 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2022-32545
Vulnerability Analysis
This vulnerability is classified as CWE-190 (Integer Overflow or Wraparound). The flaw exists in ImageMagick's PSD (Photoshop Document) image format coder, specifically in how pixel data is processed during image parsing. When processing specially crafted PSD files, the code improperly handles type conversions, causing values to exceed the representable range of an unsigned char (0-255).
The vulnerability requires local access and user interaction to exploit, meaning an attacker would need to convince a user to open a malicious image file with an application that uses ImageMagick for image processing. This attack vector is commonly exploited through phishing campaigns or by hosting malicious files on compromised websites.
Root Cause
The root cause lies in improper integer type handling during pixel manipulation in the PSD decoder. When processing pixel data in bit-packed format, the code directly casts a pixel value to unsigned char without first ensuring the value is within the valid range. This can result in integer overflow when the input pixel value is outside the representable range.
Attack Vector
An attacker can exploit this vulnerability by crafting a malicious PSD image file with specially designed pixel data that triggers the integer overflow condition. When a victim processes this file using ImageMagick (either directly via command-line tools or through applications that embed ImageMagick), the overflow occurs, leading to undefined behavior. This can manifest as application crashes, denial of service, or potentially memory corruption that could be chained with other vulnerabilities.
// Vulnerable code (before patch) - coders/psd.c
// Source: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
number_bits=8;
for (bit = 0; bit < (ssize_t) number_bits; bit++)
{
- SetPSDPixel(image,channel,packet_size,(((unsigned char) pixel)
+ SetPSDPixel(image,channel,packet_size,(((unsigned char)((ssize_t)pixel))
& (0x01 << (7-bit))) != 0 ? 0 : QuantumRange,q,exception);
q+=GetPixelChannels(image);
x++;
The fix introduces an intermediate cast to ssize_t (signed size type) before casting to unsigned char, ensuring proper handling of the value range and preventing undefined behavior from direct type conversion.
Detection Methods for CVE-2022-32545
Indicators of Compromise
- Unexpected crashes of ImageMagick tools (convert, identify, mogrify) when processing PSD files
- Application crashes in software that uses ImageMagick libraries for image processing
- Segmentation faults or core dumps associated with PSD file processing
- Anomalous PSD files with unusual pixel data structures in upload directories or image caches
Detection Strategies
- Monitor system logs for ImageMagick-related crashes or segmentation faults, particularly when processing PSD format files
- Implement file integrity monitoring on ImageMagick binary installations to detect unauthorized modifications
- Deploy endpoint detection solutions that can identify exploitation attempts through behavioral analysis of image processing operations
- Use static analysis tools to scan for vulnerable ImageMagick versions in your software stack
Monitoring Recommendations
- Enable core dump collection and analysis for ImageMagick processes to identify exploitation attempts
- Implement rate limiting and monitoring for image upload functionality in web applications
- Monitor for unusual resource consumption patterns during image processing that may indicate exploitation
- Track ImageMagick version deployments across infrastructure to ensure consistent patching
How to Mitigate CVE-2022-32545
Immediate Actions Required
- Update ImageMagick to the latest patched version immediately
- Audit all systems and applications that use ImageMagick for image processing
- Consider implementing input validation to restrict processing of PSD files from untrusted sources
- Deploy the official patches from ImageMagick Commit #9c9a84c or ImageMagick6 Commit #450949e
Patch Information
Security patches have been released by the ImageMagick project addressing this vulnerability. The fixes are available in the official repositories:
- ImageMagick 7.x: Commit 9c9a84cec4ab28ee0b57c2b9266d6fbe68183512
- ImageMagick 6.x: Commit 450949ed017f009b399c937cf362f0058eacc5fa
Additional information is available through the Red Hat Bug Report #2091811 and the Debian LTS Security Announcement.
Workarounds
- Disable PSD format support in ImageMagick's policy.xml configuration file if PSD processing is not required
- Implement application-level filtering to reject PSD files from untrusted sources before passing to ImageMagick
- Run ImageMagick processes in sandboxed environments with restricted permissions to limit impact of successful exploitation
- Use alternative image processing libraries for PSD files in high-risk environments until patching is complete
<!-- ImageMagick policy.xml configuration to disable PSD processing -->
<policymap>
<!-- Disable PSD format to mitigate CVE-2022-32545 -->
<policy domain="coder" rights="none" pattern="PSD" />
<policy domain="coder" rights="none" pattern="PSDM" />
<!-- Additional recommended security policies -->
<policy domain="resource" name="memory" value="256MiB"/>
<policy domain="resource" name="map" value="512MiB"/>
<policy domain="resource" name="disk" value="1GiB"/>
</policymap>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
