CVE-2022-2719
Description
A crafted file triggers an assertion failure in ImageMagick's WriteImages due to a NULL image list, causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted file triggers an assertion failure in ImageMagick's WriteImages due to a NULL image list, causing denial of service.
Vulnerability
In ImageMagick versions prior to 7.1.0-30, a specially crafted file can cause an assertion failure when the WriteImages function is called in MagickWand/operation.c. The failure occurs because the image list is NULL, leading to an assertion check that terminates the process. This affects ImageMagick 7.1.0-29 and earlier [1].
Exploitation
An attacker can exploit this vulnerability by providing a crafted image file to an application that uses ImageMagick and invokes WriteImages. No authentication or special privileges are required if the application processes user-supplied images. The crafted file triggers the assertion failure, causing the application to crash [1].
Impact
Successful exploitation results in a denial of service (DoS) due to the assertion failure. The crash terminates the process, potentially disrupting service availability. There is no indication of information disclosure, data corruption, or remote code execution [1].
Mitigation
The vulnerability is fixed in ImageMagick version 7.1.0-30. Users should upgrade to this version or later. No workarounds are documented. The issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16(expand)+ 1 more
- (no CPE)
- (no CPE)range: <7.1.0-30
- osv-coords14 versionspkg:apk/chainguard/imagemagick-6pkg:apk/chainguard/imagemagick-6-devpkg:apk/chainguard/imagemagick-6-docpkg:apk/chainguard/imagemagick-6-staticpkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1
< 0+ 13 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.0.7.34-150200.10.36.1
- (no CPE)range: < 7.1.0.9-150400.6.6.1
- (no CPE)range: < 7.1.1.17-1.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 7.0.7.34-150200.10.36.1
- (no CPE)range: < 7.1.0.9-150400.6.6.1
- (no CPE)range: < 7.0.7.34-150200.10.36.1
- (no CPE)range: < 7.1.0.9-150400.6.6.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.