CVE-2024-41817

HIGH

ImageMagick 7.0.11-13-7.1.1-36 - Uncontrolled Search Path Element via MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-41817. PoCs published by adminlove520, Dxsk, maikneysm.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-41817, including an autopwn script and a detailed writeup. The PoC demonstrates an authentication bypass vulnerability in TOTOLINK devices by manipulating the authCode parameter.

Description

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.

Exploits (3)

github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2024/CVE-2024-41817

The repository contains functional exploit code for CVE-2024-41817, including an autopwn script and a detailed writeup. The PoC demonstrates an authentication bypass vulnerability in TOTOLINK devices by manipulating the authCode parameter.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TOTOLINK LR350, T6
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 1 stars
by Dxsk · poc
https://github.com/Dxsk/CVE-2024-41817-poc

This repository contains a functional exploit for CVE-2024-41817, targeting ImageMagick versions <= 7.1.1-35. The exploit leverages malicious XML delegation or crafted library files to achieve arbitrary code execution, with support for detection, payload generation, and automated deployment via SSH.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ImageMagick <= 7.1.1-35
Auth required
Prerequisites: SSH access to target · GCC >= 9.4.0 · Python 3.11+ with paramiko
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by maikneysm · poc
https://github.com/maikneysm/AutoPwn-Titanic.htb

This repository contains a functional exploit PoC for CVE-2024-41817, targeting ImageMagick via a malicious shared library. It includes a detailed writeup and an automation script that demonstrates LFI, credential extraction, SSH access, and privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: ImageMagick 7.1.1-35
Auth required
Prerequisites: LFI vulnerability in web application · Gitea SQLite database access · SSH credentials · ImageMagick vulnerable version
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.0
EPSS 0.0093
EPSS Percentile 55.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (1)
imagemagick/imagemagick 7.0.11-13 - 7.1.1-36
Published Jul 29, 2024
Tracked Since Feb 18, 2026