CVE-2022-32547
Description
In ImageMagick before 7.1.0-30, misaligned memory access in property.c can cause undefined behavior, leading to application crashes or instability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In ImageMagick before 7.1.0-30, misaligned memory access in property.c can cause undefined behavior, leading to application crashes or instability.
Vulnerability
In ImageMagick versions prior to 7.1.0-30, the MagickCore/property.c file contains code that performs loads of misaligned addresses for types double (requiring 8-byte alignment) and float (requiring 4-byte alignment). This occurs when processing crafted or untrusted input, leading to undefined behavior [1].
Exploitation
An attacker can provide a specially crafted image file that triggers the misaligned memory access when processed by ImageMagick. No authentication is required if the attacker can deliver the file to a user or service using ImageMagick. The exploitation does not require special network position beyond the ability to supply the input [1].
Impact
Successful exploitation can cause undefined behavior, potentially leading to application crashes or other unpredictable outcomes. The primary impact is on availability, as the vulnerability can cause denial of service. Other impacts may include information disclosure or further memory corruption depending on the specific undefined behavior [1].
Mitigation
The issue is fixed in ImageMagick version 7.1.0-30 [1]. Users should upgrade to this version or later. If upgrading is not possible, consider avoiding processing untrusted images with vulnerable versions.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
16(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords14 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-150200.10.31.1+ 13 more
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.1.17-1.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.0.9-150400.6.3.1
- (no CPE)range: < 7.0.7.34-150200.10.31.1
- (no CPE)range: < 7.1.0.9-150400.6.3.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 7.0.7.34-150000.3.123.1
- (no CPE)range: < 6.8.8.1-71.177.1
- (no CPE)range: < 6.8.8.1-71.177.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.