VYPR
Unrated severity · NVD Advisory · Published Apr 29, 2022 · Updated Aug 2, 2024

CVE-2022-1114

Description

A heap-use-after-free vulnerability in ImageMagick's dcm.c function RelinquishDCMInfo allows attackers to trigger memory corruption via a crafted DICOM image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap-use-after-free flaw exists in ImageMagick's RelinquishDCMInfo() function within the coders/dcm.c file. The bug occurs when memory is freed and subsequently accessed during the parsing of a DICOM image. The vulnerability is present in ImageMagick versions prior to the fix, though the exact affected version range is not explicitly stated in the reference [1]. An attacker must supply a specially crafted DICOM image file to ImageMagick for processing.

Exploitation

An attacker with the ability to provide a malicious DICOM image to ImageMagick (e.g., via a user visiting a website or using an application that processes images) can trigger the vulnerability. The attacker does not require authentication or special privileges beyond file submission. The exploitation sequence involves the victim processing the crafted image, which causes a use-after-free condition in the RelinquishDCMInfo() function during cleanup.

Impact

Successful exploitation can lead to information disclosure and denial of service. The use-after-free may allow the attacker to read sensitive heap memory (confidentiality impact) or cause a crash (availability impact). The impact is considered limited as the flaw does not typically allow remote code execution.

Mitigation

Red Hat has classified this bug as NOTABUG, indicating that no security fix is planned or required based on their analysis [1]. No official patch or fixed version is available from the vendor. Administrators should consider removing or restricting the use of the DICOM coder in ImageMagick configurations as a workaround. The CVE is not listed on the CISA KEV as of this writing. Additional monitoring for upstream changes is advised.
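The coder restriction suggested above can be expressed in ImageMagick's security policy file; the fragment below is an added example, not configuration taken from this page or shipped by ImageMagick. It assumes a stock installation that reads policy.xml from the configuration directory reported by `magick -list configure` and that the DICOM coder is registered under its usual name, DCM.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example policy.xml: refuse DICOM input at the policy layer so a
     crafted .dcm file is rejected before coders/dcm.c is entered at all.
     Assumes this file replaces (or is merged into) the installation's
     policy.xml and that the DICOM coder is registered as "DCM". -->
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)*>
  <!ATTLIST policymap xmlns CDATA #FIXED ''>
  <!ELEMENT policy EMPTY>
  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<policymap>
  <!-- Weak state: with no coder policy at all, DCM is readable and writable
       by default, so any caller that accepts user-supplied images reaches
       the vulnerable parser. -->

  <!-- Hardened state: deny every right (read, write, execute) for the DCM
       coder. The pattern is matched against the coder name, so "DCM"
       covers files selected by extension and by the explicit DCM: prefix. -->
  <policy domain="coder" rights="none" pattern="DCM" />

  <!-- For builds that load coders as shared modules, also refuse to load
       the module itself; harmless on statically linked builds. -->
  <policy domain="module" rights="none" pattern="DCM" />
</policymap>
```

Confirm the active policy with `magick -list policy` (ImageMagick 7) or `identify -list policy` (ImageMagick 6); converting a .dcm file afterwards should fail with a PolicyError stating that the operation is not allowed by the security policy.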

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0 (no linked articles in our index yet)