Description
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 8:6.9.11.60+dfsg-1ubuntu1 |
| esm-apps/focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.9 |
| esm-apps/jammy | not-affected | 8:6.9.11.60+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 8:6.9.10.23+dfsg-2.1ubuntu11.9 |
| groovy | ignored | end of life |
| hirsute | not-affected | 8:6.9.11.60+dfsg-1ubuntu1 |

CVSS2: 6.8 Medium
CVSS3: 7.8 High