Shell Command Injection Vulnerability in ImageMagick by ImageMagick
CVE-2023-34153

7.8HIGH

Key Information:

Vendor: Imagemagick
Status: ImageMagick
Vendor: CVE Published:; 30 May 2023

Summary

A security flaw exists in ImageMagick that allows for shell command injection through the video:vsync or video:pixel-format options during video encoding and decoding. This vulnerability may potentially allow an attacker to execute arbitrary commands on the server running the affected product, posing a significant risk to systems utilizing ImageMagick for media handling. Users are urged to apply patches and updates immediately to mitigate any potential exploitation of this vulnerability.

Affected Version(s)

ImageMagick ImageMagick-6.7

References

https://github.com/ImageMagick/ImageMagick/issues/6338

https://bugzilla.redhat.com/show_bug.cgi?id=2210660

https://access.redhat.com/security/cve/CVE-2023-34153

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
May 29, 2023