Uncontrolled Search Path Element

CVE-2024-41817

Severity High
Score 7.8/10

Summary

ImageMagick is a free and open-source software suite used for editing and manipulating digital images. The AppImage version of ImageMagick might use an empty path when setting the "MAGICK_CONFIGURE_PATH" and "LD_LIBRARY_PATH" environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries from the current working directory while executing ImageMagick. The vulnerability affects ImageMagick versions prior to 7.1.1-36.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
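
The following is an added example, not code from ImageMagick or its AppImage launcher: it shows how an empty search-path element arises when a launcher script prepends a directory to an unset variable, how to build the value so none appears, and how to check or clean an inherited value. The directory /opt/app/usr/lib and all function names are hypothetical.

```sh
#!/bin/sh
# Illustrative only: /opt/app/usr/lib and every function name are hypothetical.

# Weak pattern: always emits the ':' separator, so an unset/empty existing
# value yields "DIR:", whose trailing empty element the loader reads as the CWD.
prepend_weak() {   # $1 = directory to add, $2 = existing value (may be empty)
    printf '%s:%s' "$1" "$2"
}

# Hardened pattern: ${2:+:$2} expands to ":VALUE" only when VALUE is non-empty.
prepend_safe() {
    printf '%s%s' "$1" "${2:+:$2}"
}

# Succeeds (returns 0) when a colon-separated value has an empty element:
# a leading ':', a trailing ':' or '::'. A wholly empty value is not flagged.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Drop empty elements from an inherited value. The ( ) body runs in a
# subshell, so the IFS and globbing changes do not leak to the caller.
strip_empty_elements() (
    IFS=:
    set -f
    out=
    for element in $1; do
        if [ -n "$element" ]; then
            out="${out:+$out:}$element"
        fi
    done
    printf '%s' "$out"
)

# Constructed sample values, checked the way a launcher audit would.
for value in "$(prepend_weak /opt/app/usr/lib "")" \
             "$(prepend_safe /opt/app/usr/lib "")" \
             ":/usr/lib::/lib"; do
    if has_empty_element "$value"; then
        echo "UNSAFE '$value' -> '$(strip_empty_elements "$value")'"
    else
        echo "ok     '$value'"
    fi
done
```

The same check applies to any colon-separated search-path variable a wrapper script exports before starting a binary.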

Advisory Timeline

  • Published