RedhatCVELIST:CVE-2023-34152

HistoryMay 30, 2023 - 12:00 a.m.

CVE-2023-34152

2023-05-3000:00:00

CWE-20

redhat

www.cve.org

imagemagick

vulnerability

remote code execution

openblob

enable pipes

security flaw

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ImageMagick",
    "versions": [
      {
        "version": "ImageMagick-6.7",
        "status": "affected"
      }
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2023-34152

bugzilla.redhat.com/show_bug.cgi?id=2210659

github.com/ImageMagick/ImageMagick/issues/6339

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/