ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
History

Wed, 11 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
CPEs cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Vendors & Products Imagemagick
Imagemagick imagemagick

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-29T15:53:17.236Z

Updated: 2024-08-02T04:46:53.171Z

Reserved: 2024-07-22T13:57:37.137Z

Link: CVE-2024-41817

cve-icon Vulnrichment

Updated: 2024-08-02T04:46:53.171Z

cve-icon NVD

Status : Modified

Published: 2024-07-29T16:15:05.360

Modified: 2024-11-21T09:33:07.940

Link: CVE-2024-41817

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-27T13:13:00Z

Links: CVE-2024-41817 - Bugzilla