CVE-2023-34152: RCE (shell command injection) vulnerability in `OpenBlob` with `--enable-pipes` configured · Issue #6339 · ImageMagick/ImageMagick

A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob when ImageMagick is configured with `--enable-pipes`.

Comments

urban-warrior pushed a commit to ImageMagick/ImageMagick6 that referenced this issue

May 18, 2023

dlemstra added a commit that referenced this issue

May 18, 2023

dlemstra added a commit to ImageMagick/ImageMagick6 that referenced this issue

May 18, 2023

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue

May 21, 2023

7.1.1-10 - 2023-05-21

Commits

beta release e31343f
carefully crafted image files (TIM2, JPEG) no longer overflow buffer nor use heap after free (thanks to Juzhi Lu, Zhen Zhou, Likang Luo of NSFOCUS Security Team) 1061db7
cosmetic bbf3966
Tweaks to devcontainer to also make it possible to run it locally dfb0b6e
Switch to regular Ubuntu image instead. b1ea9fe
Make sure options are properly quoted to resolve the issue reported in #6338. d31c80d
Mark argument as unused. 43e2cb6
possible RCE vulnerability (ImageMagick/ImageMagick#6339) 17c4859
properly cast double to size\_t (ImageMagick/ImageMagick#6341) 3d6d98d
cosmetic 8ce0403
Fixed MSYS2 build error. f9c9da1
Forgot to save file before commit. 7566fdd
Reverted the patch of ImageMagick/ImageMagick#6339. 99b72d8
add caution when enabling pipe support 1ff6dd4
eliminate compiler warning 4873197
do not initialize structures on stack 7c7d2fd
Use memset to initialize structures. 68148d5
incompatible function pointer types passing (ImageMagick/ImageMagick#6347) 2fbf938
Fixed Windows build. 3b5d986
release fa1d7e6

7.1.1-9 - 2023-05-14

Merged

Add support for Oklab #6309

Commits

beta release 0bb7454
Code cleanup of the fuzzers and silence warnings. d636ff4
update autoconf configuration file 699085f
framework for magick cache repository coder 46fe429
support digital media repository 0a439ab
check for NaN values c5762cc
alpha release of the digital media repository coder 1b82a1d
eliminate memory leak 514070c
bump minimum MagickCache version 6f00ac4
get the width of the main channel d4ac19b
Use autoreconf -fiv instead. fb1e259
support meta resource type be401fb
The libheif project switched to cmake. 6b76461
account for # channels in image 402c32d
Try to add libde265 to the linking to fix the fuzz build. 7410474
ensure blob and meta resource type can make a round trip 3797114
only clone resource image, not blob or meta 7a63f55
Revert changes. f8feb2e
Corrected linker flags. 3a1ce45
No longer use HOST\_FILLORDER but force the user to specify it when they don't want LSB byte order (#6300). 937d3dd
Tiny optimization. ac48d89
Code style changes. 783a78f
log gamma 0cf104a
rename Oklab to OkLab eb44114
revert afb52e3
cosmetic d35b2ab
don't default grayscale to paletted for PNG (ImageMagick/ImageMagick#6314) ac5f29e
release 776a88d
