CVE-2010-4167

Publication date 22 November 2010

Last updated 24 July 2024

Ubuntu priority

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
imagemagick	10.10 maverick	Fixed 7:6.6.2.6-1ubuntu1.1
	10.04 LTS lucid	Fixed 7:6.5.7.8-1ubuntu1.1
	9.10 karmic	Fixed 7:6.5.1.0-1.1ubuntu3.1
	8.04 LTS hardy	Fixed 7:6.3.7.9.dfsg1-2ubuntu1.2
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

PoC in debian bug.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1028-1
ImageMagick vulnerability
7 December 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-4167