Uncontrolled Search Path Element
CVE-2024-41817
Summary
ImageMagick is a free and open-source software suite used for editing and manipulating digital images. The AppImage version of ImageMagick might use an empty path when setting the `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries from the current working directory. The vulnerability affects ImageMagick versions prior to 7.1.1-36.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
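An added example, not code from ImageMagick or from this advisory: a shell sketch of how an empty element ends up in a colon-separated search path when a launcher prepends its own directory to an unset variable, next to the `${VAR:+:$VAR}` form that avoids it and a check for empty elements. The directory `/opt/app/lib` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Illustration only: APP_LIB and the function names are hypothetical.
APP_LIB="/opt/app/lib"

# Weak pattern: always appends ":" plus the inherited value. If the inherited
# value is unset or empty, the result ends in ":" and has an empty element.
prepend_unsafe() { printf '%s:%s' "$1" "$2"; }

# Corrected pattern: ${2:+:$2} expands to ":<value>" only when the inherited
# value is non-empty. It does not clean a value that is already malformed.
prepend_safe() { printf '%s%s' "$1" "${2:+:$2}"; }

# True (0) if a colon-separated path has an empty element: a leading colon,
# a trailing colon, or "::". ld.so treats such an element in LD_LIBRARY_PATH
# as the current working directory.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on one variable; returns 1 when the value needs attention.
check_var() {
    if has_empty_element "$2"; then
        printf 'WARN %s has an empty element: "%s"\n' "$1" "$2"
        return 1
    fi
    printf 'ok   %s="%s"\n' "$1" "$2"
}

# Constructed inputs: an unset/empty inherited value and a normal one.
for inherited in "" "/usr/local/lib"; do
    for builder in prepend_unsafe prepend_safe; do
        printf '%s with inherited="%s": ' "$builder" "$inherited"
        check_var LD_LIBRARY_PATH "$("$builder" "$APP_LIB" "$inherited")" || true
    done
done

# Audit the two variables named in the advisory as they are set right now.
check_var LD_LIBRARY_PATH "${LD_LIBRARY_PATH-}" || true
check_var MAGICK_CONFIGURE_PATH "${MAGICK_CONFIGURE_PATH-}" || true
```

Only the `prepend_unsafe` call with an empty inherited value is flagged in the constructed runs; the same check can be applied to any launcher script that builds these variables.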
Advisory Timeline
- Published