Описание
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ImageMagick | Not affected | ||
| Red Hat Enterprise Linux 6 | ImageMagick | Fixed | RHSA-2016:1237 | 16.06.2016 |
| Red Hat Enterprise Linux 7 | ImageMagick | Fixed | RHSA-2016:1237 | 16.06.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and G ...
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
Уязвимость компонента gnuplot консольного графического редактора ImageMagick и GraphicsMagick, позволяющая нарушителю выполнить произвольные команды
EPSS
5.1 Medium
CVSS2