Remote Code Execution Vulnerability in Horde_Image Library by Horde
CVE-2017-14650

8.1 HIGH

Key Information:

Vendor

Horde

CVE Published:
21 September 2017

What is CVE-2017-14650?

A Remote Code Execution vulnerability exists in the Horde_Image library when utilizing the 'Im' backend with ImageMagick's 'convert' utility. This vulnerability stems from inadequate input validation of the index field in the _raw() function, which can lead to the execution of arbitrary commands. Although it is not exploitable through any specific Horde applications, custom implementations using the Horde_Image library could be at risk. Affected versions range from 2.0.0 to 2.5.1, and this issue is addressed in version 2.5.2.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
