CVE-2022-32545
Description
ImageMagick contains an out-of-range value vulnerability in coders/psd.c that can cause denial of service or undefined behavior when processing crafted PSD files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick contains an out-of-range value vulnerability in coders/psd.c that can cause denial of service or undefined behavior when processing crafted PSD files.
Vulnerability
ImageMagick is vulnerable to an out-of-range value of type 'unsigned char' in the PSD image parsing code located in coders/psd.c [1]. This flaw is triggered when crafted or untrusted input is processed, leading to undefined behavior. All versions of ImageMagick containing this code are affected.
Exploitation
An attacker can exploit this vulnerability by supplying a specially crafted PSD file to an application that uses ImageMagick to parse images. No authentication is required if the application processes user-supplied images. The crafted file causes the parser to compute a value outside the representable range of unsigned char, resulting in undefined behavior.
Impact
Successful exploitation leads to a negative impact on application availability, such as a crash or hang, due to undefined behavior. Other consequences, such as memory corruption, are possible but not confirmed in the available references.
Mitigation
Red Hat has closed this issue as WONTFIX, indicating that no patch will be provided [1]. Users should consider using alternative image processing libraries or implementing input validation to reject crafted PSD files. No official fix is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords14 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-150200.10.31.1+ 13 more
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.1.17-1.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.0.9-150400.6.3.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.0.9-150400.6.3.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 6.8.8.1-71.177.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4News mentions
0No linked articles in our index yet.