CVE-2024-41817

HIGH

CVSS v3

7.8

HIGH

EPSS Score

18.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.

Technical Details

Published
7/29/2024

Frequently Asked Questions

What is CVE-2024-41817?

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.

Is CVE-2024-41817 actively exploited?

Active exploitation of CVE-2024-41817 has not been confirmed. The EPSS score is 18.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-41817?

CVE-2024-41817 has a CVSS v3 base score of 7.8 (HIGH severity).

Is CVE-2024-41817 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.