Vulnerability details: VCID-stv3-x88x-aaaa
Vulnerability ID VCID-stv3-x88x-aaaa
Aliases CVE-2022-44268
Summary ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
Status Published
Exploitability 2.0
Weighted Severity 5.9
Risk 10.0
System Score Found at
cvssv3.1 6.5 http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
ssvc Track http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
epss 0.02170 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.02288 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.02751 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.86502 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.88627 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.88664 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.88776 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
epss 0.89475 https://api.first.org/data/v1/epss?cve=CVE-2022-44268
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://imagemagick.org/
ssvc Track https://imagemagick.org/
cvssv3.1 6.5 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44268
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-44268
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5347
ssvc Track https://www.debian.org/security/2023/dsa-5347
cvssv3.1 6.5 https://www.metabaseq.com/imagemagick-zero-days/
ssvc Track https://www.metabaseq.com/imagemagick-zero-days/
Reference id Reference type URL
http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
https://api.first.org/data/v1/epss?cve=CVE-2022-44268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://imagemagick.org/
https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
https://www.debian.org/security/2023/dsa-5347
https://www.metabaseq.com/imagemagick-zero-days/
1030767 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767
2167594 https://bugzilla.redhat.com/show_bug.cgi?id=2167594
cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.1.0-49:*:*:*:*:*:*:*
CVE-2022-44268 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/51261.txt
CVE-2022-44268 https://nvd.nist.gov/vuln/detail/CVE-2022-44268
GLSA-202405-02 https://security.gentoo.org/glsa/202405-02
USN-5855-1 https://usn.ubuntu.com/5855-1/
USN-5855-2 https://usn.ubuntu.com/5855-2/
USN-5855-4 https://usn.ubuntu.com/5855-4/
Data source Exploit-DB
Date added April 5, 2023
Description ImageMagick 7.1.0-49 - Arbitrary File Read
Ransomware campaign use Unknown
Source publication date April 5, 2023
Exploit type local
Platform multiple
Source update date April 24, 2023
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at http://packetstormsecurity.com/files/171727/ImageMagick-7.1.0-48-Arbitrary-File-Read.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44268.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://imagemagick.org/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://imagemagick.org/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AINSUL2QBKETGYRPA7XSCMJWLUB44M6S/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZLLS37P67CMBRML6OCG42GPCKGRCJNV/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-44268
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5347
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://www.debian.org/security/2023/dsa-5347
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.metabaseq.com/imagemagick-zero-days/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T14:21:09Z/ Found at https://www.metabaseq.com/imagemagick-zero-days/
Exploit Prediction Scoring System (EPSS)
Percentile 0.89648
EPSS Score 0.02170
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.