Back to search
CVE-2016-5118
Published: Jun 10, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2016:1237
vendor-advisory
x_refsource_REDHAT
1035985
vdb-entry
x_refsource_SECTRACK
SUSE-SU-2016:1570
vendor-advisory
x_refsource_SUSE
http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
x_refsource_CONFIRM
openSUSE-SU-2016:1534
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2016:1521
vendor-advisory
x_refsource_SUSE
1035984
vdb-entry
x_refsource_SECTRACK
90938
vdb-entry
x_refsource_BID
[oss-security] 20160529 Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
mailing-list
x_refsource_MLIST
USN-2990-1
vendor-advisory
x_refsource_UBUNTU
DSA-3591
vendor-advisory
x_refsource_DEBIAN
SSA:2016-152-01
vendor-advisory
x_refsource_SLACKWARE
SUSE-SU-2016:1614
vendor-advisory
x_refsource_SUSE
DSA-3746
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20160529 CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
mailing-list
x_refsource_MLIST
SUSE-SU-2016:1610
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2016:1653
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2016:1522
vendor-advisory
x_refsource_SUSE
http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now