CVE-2023-34153

Опубликовано: 30 мая 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Ссылки

https://access.redhat.com/security/cve/CVE-2023-34153
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2210660
Issue Tracking
https://github.com/ImageMagick/ImageMagick/issues/6338
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
Mailing List
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-34153
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2210660
Issue Tracking
https://github.com/ImageMagick/ImageMagick/issues/6338
Exploit
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 7.1.1-11 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00886

Низкий

7.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

CVE-2023-34153

CVSS3: 7.8

ubuntu

около 2 лет назад

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

CVE-2023-34153

CVSS3: 7.8

redhat

около 2 лет назад

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

CVE-2023-34153

CVSS3: 7.8

debian

около 2 лет назад

A vulnerability was found in ImageMagick. This security flaw causes a ...

GHSA-7c5r-cghm-f2jx

CVSS3: 7.8

github

около 2 лет назад

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

BDU:2023-03621

CVSS3: 7.8

fstec

около 2 лет назад

Уязвимость консольного графического редактора ImageMagick, связанная с непринятием мер по чистке данных на управляющем уровне при обработке параметров video: vsync или video:pixel-format, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 74%

0.00886

Низкий

7.8 High

CVSS3

Дефекты

CWE-77