A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Jun 2023, 14:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-34153 - Third Party Advisory | |
References | (MISC) https://github.com/ImageMagick/ImageMagick/issues/6338 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2210660 - Issue Tracking | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/ - Mailing List, Third Party Advisory |
03 Jun 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 22:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-34153
Mitre link : CVE-2023-34153
CVE.ORG link : CVE-2023-34153
JSON object : View
Products Affected
imagemagick
- imagemagick
fedoraproject
- fedora
- extra_packages_for_enterprise_linux
redhat
- enterprise_linux
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')