E23-esoc1
CVSS:
6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
False Positive:
f
Variants:
5
Year:
2022
Description
This strike exploits an arbitrary file read vulnerability in ImageMagick.This vulnerability is due to improper input validation of textual chunk types containing the "profile" keyword when parsing PNG files. A remote attacker could exploit this vulnerability by enticing the victim to open the crafted file through ImageMagick. Successfully exploiting this vulnerability could result in disclosure of file contents.