Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3591-1
HistoryJun 01, 2016 - 12:00 a.m.

imagemagick - security update

2016-06-0100:00:00
Google
osv.dev
2
JSON

Bob Friesenhahn from the GraphicsMagick project discovered a command
injection vulnerability in ImageMagick, a program suite for image
manipulation. An attacker with control on input image or the input
filename can execute arbitrary commands with the privileges of the user
running the application.

This update removes the possibility of using pipe (|) in filenames to
interact with imagemagick.

It is important that you upgrade the libmagickcore-6.q16-2 and not just
the imagemagick package. Applications using libmagickcore-6.q16-2 might
also be affected and need to be restarted after the upgrade.

For the stable distribution (jessie), this problem has been fixed in
version 8:6.8.9.9-5+deb8u3.

We recommend that you upgrade your imagemagick packages.

JSON