CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Configurations

Configuration 1 (hide)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

History

07 Jun 2023, 14:27

Type Values Removed Values Added
CPE cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References (MISC) https://access.redhat.com/security/cve/CVE-2023-34153 - (MISC) https://access.redhat.com/security/cve/CVE-2023-34153 - Third Party Advisory
References (MISC) https://github.com/ImageMagick/ImageMagick/issues/6338 - (MISC) https://github.com/ImageMagick/ImageMagick/issues/6338 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2210660 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2210660 - Issue Tracking
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/ - Mailing List, Third Party Advisory

03 Jun 2023, 05:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/ -

30 May 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 22:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-34153

Mitre link : CVE-2023-34153

CVE.ORG link : CVE-2023-34153


JSON object : View

Products Affected

imagemagick

  • imagemagick

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

redhat

  • enterprise_linux
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')