CVE-2010-4167 — Imagemagick vulnerability

8 documents7 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 71.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedNov 22

Latest updateMay 14

Description

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.6.0.4-3 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.6.0.4-3+3

▶NVDimagemagick/imagemagick6.6.5-4+325

🔴Vulnerability Details

GHSA

GHSA-47hr-2rq3-9pw5: Untrusted search path vulnerability in configure↗2022-05-14

▶

OSV

CVE-2010-4167: Untrusted search path vulnerability in configure↗2010-11-22

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2010-12-07

▶

Red Hat

ImageMagick: configuration files read from $CWD may allow arbitrary code execution↗2010-10-30

▶

Debian

CVE-2010-4167: imagemagick - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5...↗2010

▶

💬Community

Bugzilla

CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution [fedora-all]↗2010-11-15

▶

Bugzilla

CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution↗2010-11-13

▶