CVE-2023-34152

SOURCE - nist

Summary

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

EPSS Score⁠: 0.00386 (0.731)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

SOURCE - redhat

CWE-20⁠

Improper Input Validation

Sources (5)

Impacted images

debian

CREATED

1 year ago

UPDATED

17 days ago

SOURCE IDCVE-2023-34152⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/imagemagick	deb	debian	12	>=8:6.9.11.60+dfsg-1.6	Not yet available
debian/imagemagick	deb	debian	13	>=8:6.9.12.98+dfsg1-5.2	Not yet available
debian/imagemagick	deb	debian	unstable	>=8:6.9.12.98+dfsg1-5.2	Not yet available
debian/imagemagick	deb	debian	10	>=8:6.9.10.23+dfsg-2.1+deb10u1	Not yet available
debian/imagemagick	deb	debian	11	>=8:6.9.11.60+dfsg-1.3+deb11u2	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

1 year ago

UPDATED

9 months ago

SOURCE IDCVE-2023-34152⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

9.8critical

ubuntu

CREATED

1 year ago

UPDATED

1 month ago

SOURCE IDCVE-2023-34152⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

redhat

CREATED

1 year ago

UPDATED

10 months ago

SOURCE IDCVE-2023-34152⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

9.4high

inthewild

CREATED

4 months ago

UPDATED

4 months ago

SOURCE IDCVE-2023-34152⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE