logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2016-5118

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. #### Bugs * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825800> * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825799>


Affected Package


OS OS Version Package Name Package Version
ubuntu 12.04 graphicsmagick any
ubuntu 14.04 graphicsmagick 1.3.18-1ubuntu3.1
ubuntu upstream graphicsmagick any
ubuntu 16.04 graphicsmagick 1.3.23-1ubuntu0.1
ubuntu 18.04 imagemagick 8:6.8.9.9-7ubuntu7
ubuntu 18.10 imagemagick 8:6.8.9.9-7ubuntu7
ubuntu 12.04 imagemagick precise was released [8:6.6.9.7-5ubuntu3.4]
ubuntu 14.04 imagemagick trusty was released [8:6.7.7.10-6ubuntu3.1]
ubuntu upstream imagemagick any
ubuntu 15.10 imagemagick 8:6.8.9.9-5ubuntu2.1
ubuntu 16.04 imagemagick 8:6.8.9.9-7ubuntu5.1
ubuntu 16.10 imagemagick 8:6.8.9.9-7ubuntu7
ubuntu 17.04 imagemagick 8:6.8.9.9-7ubuntu7

Related