Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 794a0dc0 by Salvatore Bonaccorso at 2023-05-29T22:13:37+02:00 Add CVE-2023-34153/imagemagick - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2023-34153 [Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding] + - imagemagick <not-affected> (Vulnerable code introduced later in ImageMagick7) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6338 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 (7.1.1-10) + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/8fdb81b3c551a37f41a6370fe7d1634406eb1cef + NOTE: introduces the vsync and pix_fmt features, without introducing the vulnerability. CVE-2023-34152 [RCE vulnerability in OpenBlob with --enable-pipes configured] - imagemagick <unfixed> (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/794a0dc05c6c0ca1e280076fb91cffb00e7b34de -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/794a0dc05c6c0ca1e280076fb91cffb00e7b34de You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
