CVE-2022-44268 PoC — ImageMagick 安全漏洞

Source

https://github.com/NataliSemi/-CVE-2022-44268

Associated Vulnerability

Title:ImageMagick 安全漏洞 (CVE-2022-44268)
Description:ImageMagick是美国ImageMagick公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 7.1.0-49版本存在安全漏洞，该漏洞源于存在信息泄露漏洞，当它在解析PNG图像时生成的图像可能会嵌入任意文件内容。

Readme

# PNG Image Generator

This Python script generates a PNG image filled with a specific color and embeds a file path as metadata using the Pillow library.

## Running the Script

### Prerequisites
- Python (install from [Python's official website](https://www.python.org/))
- Pillow library (`pip install pillow`)

### Steps

1. **Clone the Repository:**
   ```bash
   git clone https://github.com/NataliSemi/-CVE-2022-44268.git
   cd -CVE-2022-44268.git

2. Install Required Packages:
    ```bash
    pip install pillow
    pip install pypng

3. Run the Script:
    ```bash
    python create_image.py

Generated Image:
After running the script, an image file named image.png will be created in the repository directory.

## Example:
python create_image.py -f /path/to/local/file.txt -o output_image.png

File Snapshot


 [4.0K]  /data/pocs/b3b86bde2856f51359a09a0f2bcae24ca352fecc
├── [1.5K]  create_image.py
└── [ 805]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!