SUSE CVE-2023-41334

🗓️ 20 Mar 2024 03:50:21Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Astropy 5.3.2 enables remote code execution via savelayout in TransformGraph; fixed in 5.3.3.

Reporter	Title	Published	Views	Family All 31
Circl	CVE-2023-41334	18 Mar 202417:34	–	circl
CNNVD	Astropy Security Breach	18 Mar 202400:00	–	cnnvd
CVE	CVE-2023-41334	18 Mar 202418:48	–	cve
Cvelist	CVE-2023-41334 astropy vulnerable to RCE in TranformGraph().to_dot_graph function	18 Mar 202418:48	–	cvelist
Debian	[SECURITY] [3803-1] astropy security update	30 Apr 202416:32	–	debian
Debian	[SECURITY] [3803-1] astropy security update	30 Apr 202416:24	–	debian
Debian CVE	CVE-2023-41334	18 Mar 202418:48	–	debiancve
EUVD	EUVD-2024-0929	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 40 Update: python-astropy-5.3.3-1.fc40	5 Jul 202406:22	–	fedora
Fedora	[SECURITY] Fedora 39 Update: python-astropy-5.3.3-1.fc39	5 Jul 202401:18	–	fedora

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	python310-astropy	6.0.0-3.1	python310-astropy-6.0.0-3.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python311-astropy	6.0.0-3.1	python311-astropy-6.0.0-3.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python312-astropy	6.0.0-3.1	python312-astropy-6.0.0-3.1.noarch.rpm
OpenSUSE Tumbleweed	–	any	python39-astropy	6.0.0-3.1	python39-astropy-6.0.0-3.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2023-41334
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1221661

07 Dec 2025 00:25Current

8.2High risk

Vulners AI Score8.2

CVSS 3.18.4

EPSS0.01124

SSVC

Astropy core TransformGraph savelayout remote code execution subprocess Popen CVE 2023 41334 version 5.3.3