CVE-2024-41817
HIGHCVSS v3
7.8
HIGH
EPSS Score
18.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
Technical Details
- Published
- 7/29/2024
Frequently Asked Questions
What is CVE-2024-41817?
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
Is CVE-2024-41817 actively exploited?
Active exploitation of CVE-2024-41817 has not been confirmed. The EPSS score is 18.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-41817?
CVE-2024-41817 has a CVSS v3 base score of 7.8 (HIGH severity).
Is CVE-2024-41817 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.