{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-27T13:13:00Z",
  "bugzilla" : {
    "description" : "ImageMagick: Possible arbitrary code execution by loading malicious configuration files or shared libraries",
    "id" : "2300498",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2300498"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-427",
  "details" : [ "ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version of `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.", "A flaw was found in ImageMagick. The 'AppImage' version of ImageMagick, when executed with an empty path in the MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables, can load malicious configuration files or shared libraries in the current directory, resulting in arbitrary code execution." ],
  "statement" : "ImageMagick as shipped in Red Hat Enterprise Linux is not affected by this vulnerability because the vulnerable code is not present. Additionally, this issue only affects the 'AppImage' version of ImageMagick, which is not shipped in any Red Hat product.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ImageMagick",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-41817\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41817\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8" ],
  "name" : "CVE-2024-41817",
  "csaw" : false
}