Multiple vulnerabilities in ImageMagick
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-34152 CVE-2023-34475 |
| CWE-ID | CWE-78 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ImageMagick Client/Desktop applications / Multimedia software |
| Vendor |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) OS Command Injection
EUVDB-ID: #VU79740
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34152
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenBlob with --enable-pipes configured. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsImageMagick: before 7.1.1-10
External linkshttp://github.com/ImageMagick/ImageMagick/commit/99b72d81a3370a966a52ec2fa88dacda3f5b028e
http://github.com/ImageMagick/ImageMagick6/commit/43daec8ed100cd68d4bf257721373a6473456391
http://github.com/ImageMagick/ImageMagick/issues/6339
http://bugzilla.redhat.com/show_bug.cgi?id=2210659
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU79837
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34475
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ReplaceXmpValue() function in MagickCore/profile.c. A remote attacker can pass specially crafted image to the application and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsImageMagick: before 7.1.1-10
External linkshttp://bugzilla.redhat.com/show_bug.cgi?id=2214149
http://access.redhat.com/security/cve/CVE-2023-34475
http://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
