Updated: 2026-03-05 01:13:08.820319
Description:
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | ImageMagick | 6.9.13.17 | 7.8 | HIGH | Already Fixed | 2025-01-31 23:24:06 | ||
| CentOS 7 ELS | ImageMagick | 6.9.10.68 | 7.8 | HIGH | Not Vulnerable | 2024-04-17 09:59:26 | Not affected. CVE-2023-34153 stems from a shell command injection introduced in ImageMagick 7’s VI... | |
| Ubuntu 16.04 ELS | ImageMagick | 6.8.9.9-7 | 7.8 | HIGH | Not Vulnerable | 2023-06-12 09:03:12 | Not affected: the injection vectors in this CVE rely on ImageMagick’s video.c support for the -def... | |
| Ubuntu 18.04 ELS | ImageMagick | 6.9.7.4 | 7.8 | HIGH | Not Vulnerable | 2023-06-12 09:03:12 | Not affected. CVE-2023-34153 targets ImageMagick’s VIDEO coder via the -define video:vsync and -de... |