CVE-2023-34153

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-34153

Severity

7.8

High

CVSS CVSS_V3

Description

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

References

https://images.chainguard.dev/security/CGA-hmh7-53hg-87r2
https://github.com/advisories/GHSA-7c5r-cghm-f2jx
https://access.redhat.com/security/cve/CVE-2023-34153
https://github.com/ImageMagick/ImageMagick/issues/6338
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
https://bugzilla.redhat.com/show_bug.cgi?id=2210660

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal