CVE-2023-34152

CRITICAL

ImageMagick - Remote Code Execution via OpenBlob Pipe Handling

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-34152. PoCs published by overgrowncarrot1, SudoIndividual.

AI-analyzed exploit summary This PoC exploits CVE-2023-34152 in ImageMagick by crafting a malicious PNG filename that executes a reverse shell when processed. It uses command injection via shell metacharacters in the filename to decode and execute a base64-encoded payload.

Description

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Exploits (2)

nomisec WORKING POC 10 stars

by overgrowncarrot1 · poc

https://github.com/overgrowncarrot1/ImageTragick_CVE-2023-34152

View Code ZIP pw:eip

This PoC exploits CVE-2023-34152 in ImageMagick by crafting a malicious PNG filename that executes a reverse shell when processed. It uses command injection via shell metacharacters in the filename to decode and execute a base64-encoded payload.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ImageMagick (versions affected by CVE-2023-34152)

No auth needed

Prerequisites: ImageMagick installed on target system · Ability to upload or process malicious PNG filename

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by SudoIndividual · poc

https://github.com/SudoIndividual/CVE-2023-34152

View Code ZIP pw:eip

This PoC exploits CVE-2023-34152, an arbitrary command execution vulnerability in ImageMagick 6.9.6-4, by crafting a malicious PNG filename that triggers shell command injection when processed. The exploit generates a reverse shell payload embedded in the filename, leveraging incomplete sanitization of special characters like backticks and quotes.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ImageMagick 6.9.6-4

No auth needed

Prerequisites: Attacker-controlled file upload to a system processing images with ImageMagick · Network connectivity for reverse shell callback

MITRE ATT&CK

T1059.004 - Unix Shell T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-34152

Issue Tracking, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2210659

Exploit, Issue Tracking, Patch, Vendor Advisory

https://github.com/ImageMagick/ImageMagick/issues/6339

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/

Scores

CVSS v3 9.8

EPSS 0.0801

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-20 CWE-78

Status published

Products (6)

fedoraproject/extra_packages_for_enterprise_linux 8.0

fedoraproject/fedora 37

fedoraproject/fedora 38

imagemagick/imagemagick < 7.1.1-11

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

Published May 30, 2023

Tracked Since Feb 18, 2026