7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.9%
ImageMagick is vulnerable to Command Injection. The vulnerability exists via video:vsync or video:pixel-format options in VIDEO encoding/decoding which allows an attacker to inject and execute arbitrary codes into the system.
CPE | Name | Operator | Version |
---|---|---|---|
imagemagick | le | 6.8.8-9 | |
imagemagick | le | 6.8.8-9 |
access.redhat.com/security/cve/CVE-2023-34153
bugzilla.redhat.com/show_bug.cgi?id=2210660
github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57
github.com/ImageMagick/ImageMagick/issues/6338
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
lists.fedoraproject.org/archives/list/[email protected]/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
lists.fedoraproject.org/archives/list/[email protected]/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/