CVE-2024-41817

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.11-36

Description The issue arises when the AppImage version of ImageMagick sets the MAGICK CONFIGURE PATH and LD LIBRARY PATH environment variables to an empty path during execution. This could potentially lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory.

Recommendations For versions prior to 7.11-36, update to version 7.11-36 or later to resolve the issue. As a temporary workaround, consider restricting the execution of ImageMagick in untrusted directories to minimize the risk of exploitation.