Improper input validation in Imagemagick

CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.649 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a Imagemagick — versions ImageMagick-6.7

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

github.com/ImageMagick/ImageMagick/issues/6339
access.redhat.com/security/cve/CVE-2023-34152
bugzilla.redhat.com/show_bug.cgi
FEDORA-2023-d53831b69d (vendor-advisory)
FEDORA-2023-edbdccae2a (vendor-advisory)

Frequently asked questions

What is CVE-2023-34152?: CVE-2023-34152 is a vulnerability in Imagemagick, classified under Improper Input Validation. Published 2023-05-30.
Is CVE-2023-34152 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.