The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
References
http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
http://www.debian.org/security/2016/dsa-3591
http://www.debian.org/security/2016/dsa-3746
http://www.openwall.com/lists/oss-security/2016/05/29/7
http://www.openwall.com/lists/oss-security/2016/05/30/1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/90938
http://www.securitytracker.com/id/1035984
http://www.securitytracker.com/id/1035985
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
http://www.ubuntu.com/usn/USN-2990-1
https://access.redhat.com/errata/RHSA-2016:1237
https://nvd.nist.gov/vuln/detail/CVE-2016-5118
https://www.cve.org/CVERecord?id=CVE-2016-5118
History

Tue, 19 Nov 2024 20:45:00 +0000

Type: CPEs

Values Removed: cpe:2.3:a:imagemagick:imagemagick:-:*:*:*:*:*:*:*

Values Added: cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-06-10T15:00:00

Updated: 2024-08-06T00:53:47.880Z

Reserved: 2016-05-29T00:00:00

Link: CVE-2016-5118

Vulnrichment

No data.

NVD

Status: Modified

Published: 2016-06-10T15:59:06.737

Modified: 2024-11-21T02:53:39.693

Link: CVE-2016-5118

Redhat

Severity: Important

Public Date: 2016-05-29T00:00:00Z

Links: CVE-2016-5118 - Bugzilla