imagemagick: arbitrary code execution

ID ASA-201605-6
Type archlinux
Reporter Arch Linux
Modified 2016-05-05T00:00:00


It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.