CVE-2023-34634

HIGH EPSS 93.8%
Published Aug 1, 20232y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Aug 1, 2023 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
93.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 1

VendorProductVersionRange
getgreenshotgreenshot* ≤1.2.10.6

References 5

  • packetstormsecurity.com http://packetstormsecurity.com/files/173825/GreenShot-1.2.10-Arbitrary-Code-Execution.html
    ExploitPermissions RequiredThird Party AdvisoryVDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/174222/Greenshot-1.3.274-Deserialization-Command-Execution.html
    Permissions Required
  • github.com https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c
    PatchThird Party Advisory
  • greenshot.atlassian.net https://greenshot.atlassian.net/browse/BUG-3061
    Issue TrackingThird Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/51633
    ExploitThird Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c
    PatchThird Party Advisory