ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-07T00:00:00

Updated: 2024-08-04T16:55:10.634Z

Reserved: 2020-12-07T00:00:00

Link: CVE-2020-29599

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-07T20:15:12.773

Modified: 2024-11-21T05:24:17.280

Link: CVE-2020-29599

cve-icon Redhat

Severity : Important

Publid Date: 2020-12-07T00:00:00Z

Links: CVE-2020-29599 - Bugzilla