{"id":"CVE-2023-34153","details":"A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.","modified":"2026-05-28T04:08:56.526533167Z","published":"2023-05-30T00:00:00Z","related":["CGA-f6rp-gq4w-9vpf","SUSE-SU-2023:2344-1","openSUSE-SU-2024:13263-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"ImageMagick-6.7"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"redhat","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34153.json","cwe_ids":["CWE-77"]},"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2023-34153"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34153.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34153"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2210660"},{"type":"REPORT","url":"https://github.com/ImageMagick/ImageMagick/issues/6338"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/imagemagick/imagemagick","events":[{"introduced":"a5513da1b8559fc6789248b7d5afdc1b0bc672e1"},{"fixed":"11ffa6eb4548644a718158daa286295ed3174054"}],"database_specific":{"extracted_events":[{"introduced":"7.1.0-1"},{"fixed":"7.1.1-11"}],"cpe":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["7.1.1-10","7.1.1-9","7.1.1-8","7.1.1-7","7.1.1-6","7.1.1-5","7.1.1-4","7.1.1-3","7.1.1-2","7.1.1-1","7.1.1-0","7.1.0-62","7.1.0-61","7.1.0-60","7.1.0-59","7.1.0-58","7.1.0-57","7.1.0-56","7.1.0-55","7.1.0-54","7.1.0-53","7.1.0-52","7.1.0-51","7.1.0-50","7.1.0-49","7.1.0-48","7.1.0-47","7.1.0-46","7.1.0-45","7.1.0-44","7.1.0-43","7.1.0-42","7.1.0-41","7.1.0-40","7.1.0-39","7.1.0-38","7.1.0-37","7.1.0-36","7.1.0-35","7.1.0-34","7.1.0-33","7.1.0-32","7.1.0-31","7.1.0-30","7.1.0-29","7.1.0-28","7.1.0-27","7.1.0-26","7.1.0-25","7.1.0-24","7.1.0-23","7.1.0-22","7.1.0-21","7.1.0-20","7.1.0-19","7.1.0-18","7.1.0-17","7.1.0-16","7.1.0-15","7.1.0-14","7.1.0-13","7.1.0-12","7.1.0-11","7.1.0-10","7.1.0-9","7.1.0-8","7.1.0-7","7.1.0-6","7.1.0-5","7.1.0-4","7.1.0-3","7.1.0-2","7.1.0-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34153.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}