CVE-2023-34153: Command Injection in ImageMagick

CWE-77: Command Injection | 5 documents | 5 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.7% (top 27.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 30 | Latest update May 31

Description

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD | imagemagick/imagemagick | 7.1.0-1 | 7.1.1-11
CVEListV5 | imagemagick/imagemagick | ImageMagick-6.7

Also affects: Fedora 37, 38, Enterprise Linux 6.0, 7.0

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-7c5r-cghm-f2jx: A vulnerability was found in ImageMagick | 2023-05-31
CVEList | CVE-2023-34153: A vulnerability was found in ImageMagick | 2023-05-30

📋 Vendor Advisories (2)

Red Hat | ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding | 2023-05-29
Debian | CVE-2023-34153: imagemagick - A vulnerability was found in ImageMagick. This security flaw causes a shell comm... | 2023
CVE-2023-34153 — Command Injection in ImageMagick | cvebase