CVE-2023-34153: Command Injection
First published: Mon May 29 2023(Updated: )
A vulnerability was found in ImageMagick. This issue may allow shell command injection via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ImageMagick ImageMagick | <7.1.1.11 | |
| Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| ImageMagick ImageMagick | <7.1.1-11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ImageMagick/ImageMagick/issues/6338
- https://access.redhat.com/security/cve/CVE-2023-34153
- https://bugzilla.redhat.com/show_bug.cgi?id=2210660
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
- https://www.cve.org/CVERecord?id=CVE-2023-34153 https://nvd.nist.gov/vuln/detail/CVE-2023-34153
- https://access.redhat.com/security/cve/cve-2023-34153
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210661
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210662
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210663
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
Frequently Asked Questions
What is CVE-2023-34153?
CVE-2023-34153 is a vulnerability found in ImageMagick that allows shell command injection via video:vsync or video:pixel-format options in video encoding/decoding.
Which software is affected by CVE-2023-34153?
CVE-2023-34153 affects ImageMagick, specifically version 7.1.1.11, Fedoraproject Extra Packages For Enterprise Linux version 8.0, Fedoraproject Fedora version 37 and 38, and Redhat Enterprise Linux versions 6.0 and 7.0.
What is the severity of CVE-2023-34153?
CVE-2023-34153 has a severity level of 7, which is classified as high.
How can I fix CVE-2023-34153?
To fix CVE-2023-34153, make sure to update ImageMagick to a version that includes the security patch provided by the developer.
Where can I find more information about CVE-2023-34153?
You can find more information about CVE-2023-34153 on the official ImageMagick GitHub page, Red Hat's security advisory, and Bugzilla.
- collector/nvd-latest
- collector/redhat-cve
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-34153
- agent/event
- agent/trending
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/imagemagick
- canonical/imagemagick imagemagick
- vendor/fedoraproject
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/8.0
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0