GitHub_MVULNRICHMENT:CVE-2024-41817CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing ImageMagick. The vulnerability is fixed in 7.11-36.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*"
],
"vendor": "imagemagick",
"product": "imagemagick",
"versions": [
{
"status": "affected",
"version": "7.11",
"versionType": "custom",
"lessThanOrEqual": "7.36"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total