CVE-2016-5118
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLoghttp://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.htmlhttps://access.redhat.com/errata/RHSA-2016:1237http://www.debian.org/security/2016/dsa-3591