Vulnerability Description
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | <= 6.6.5-4 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052599.h
- http://rhn.redhat.com/errata/RHSA-2012-0544.html
- http://secunia.com/advisories/42497
- http://secunia.com/advisories/42744
- http://secunia.com/advisories/48100
- http://secunia.com/advisories/49063
- http://www.imagemagick.org/script/changelog.php
- http://www.openwall.com/lists/oss-security/2010/11/13/1
- http://www.openwall.com/lists/oss-security/2010/11/15/3
- http://www.securityfocus.com/bid/45044
- http://www.ubuntu.com/usn/USN-1028-1
- http://www.vupen.com/english/advisories/2010/3150
- http://www.vupen.com/english/advisories/2010/3322
FAQ
What is CVE-2010-4167?
CVE-2010-4167 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration f...
How severe is CVE-2010-4167?
CVE-2010-4167 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4167?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick.