CVE-2010-4167

Description

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

How to fix CVE-2010-4167

To remediate CVE-2010-4167, upgrade the affected package to a fixed version below.

• Debian/imagemagick—upgrade to 8:6.6.0.4-3 or later

Is CVE-2010-4167 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 8:6.6.0.4-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4167