CVE-2020-29599

Опубликовано: 07 дек. 2020

Источник: debian

EPSS Средний

Описание

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
imagemagick	fixed	8:6.9.11.57+dfsg-1		package

Примечания

https://github.com/ImageMagick/ImageMagick/discussions/2851
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823
ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/68154c05cf40a80b6f2e2dd9fdc4428570f875f0
ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/89a1c73ee2693ded91a72d00bdf3aba410f349f1
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a7b2d8328c539da6e79a118a0b8e97462c7daa77
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2eead004825d31e8f49022f0bc4ca0d3457b0bb1
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/20f520ed5c8541ae6646bc38d9d3b480785be6c3
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a2b3dd8455da2f17849b55e6b6ddcce587e4a323
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7b0cce080345e5b7ef26d122f18809c93a19a80e
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/875fdf773d6e822364f876bed14c1785a01b45a7
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/869e38717fa91325da87c2a4cedc148a770a07ec
ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/226804980651bb4eb5f3ba3b9d7e992f2eda4710
ImageMagick6 (bugfix): https://github.com/ImageMagick/ImageMagick6/commit/83ec5b5b8ee7cae891fff59340be207b513a030d (6.9.11-41)
Issue mitigated by disabling ghostscript handled formats based on -SAFER insecurity,
cf 200-disable-ghostscript-formats.patch in 8:6.9.10.23+dfsg-2.1+deb10u1, but opens
#964090.
2 vectors for IM6:
1. stealth (ps:* delegates, hard-coded options)
broken between 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) and 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1)
'-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
2. bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)

EPSS

Процентиль: 99%

0.6875

Средний

Связанные уязвимости

CVE-2020-29599

CVSS3: 7.8

ubuntu

около 5 лет назад

CVE-2020-29599

CVSS3: 7.3

redhat

около 5 лет назад

CVE-2020-29599

CVSS3: 7.8

nvd

около 5 лет назад

GHSA-685x-r4m9-ffxr

CVSS3: 7.8

github

больше 3 лет назад

ELSA-2021-0024

oracle-oval

около 5 лет назад

ELSA-2021-0024: ImageMagick security update (IMPORTANT)

EPSS

Процентиль: 99%

0.6875

Средний