PRIOn knowledge basePRION:CVE-2023-34153Command injection
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.0%
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
| CPE | Name | Operator | Version |
|---|---|---|---|
| extra_packages_for_enterprise_linux | eq | 8.0 | |
| fedora | eq | 37 | |
| fedora | eq | 38 | |
| imagemagick | lt | 7.1.1.11 | |
| enterprise_linux | eq | 7.0 | |
| enterprise_linux | eq | 6.0 |
References
access.redhat.com/security/cve/CVE-2023-34153
bugzilla.redhat.com/show_bug.cgi?id=2210660
github.com/ImageMagick/ImageMagick/issues/6338
lists.fedoraproject.org/archives/list/[email protected]/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
lists.fedoraproject.org/archives/list/[email protected]/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
8.0%