CVE 2005-4601
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
Related bugs and status
CVE-2005-4601 (Candidate) is related to these bugs:
Bug #20599: imagemagick in combination with transcode fails (amd64)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 20599 | imagemagick in combination with transcode fails (amd64) | imagemagick (Ubuntu) | High | Fix Released | ||
| 20599 | imagemagick in combination with transcode fails (amd64) | imagemagick (Debian) | Unknown | Fix Released | ||
Bug #27767: Shell command injection in delegate code (via file names)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 27767 | Shell command injection in delegate code (via file names) | imagemagick (Ubuntu) | High | Fix Released | ||
| 27767 | Shell command injection in delegate code (via file names) | imagemagick (Debian) | Unknown | Fix Released | ||
Bug #27952: imagemagick: New format string vulnerability in SetImageInfo().
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 27952 | imagemagick: New format string vulnerability in SetImageInfo(). | imagemagick (Ubuntu) | High | Fix Released | ||
| 27952 | imagemagick: New format string vulnerability in SetImageInfo(). | imagemagick (Debian) | Unknown | Fix Released | ||
Bug #28042: libmagick: array index overflow in DisplayImageCommand
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 28042 | libmagick: array index overflow in DisplayImageCommand | imagemagick (Ubuntu) | High | Fix Released | ||
| 28042 | libmagick: array index overflow in DisplayImageCommand | imagemagick (Debian) | Unknown | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
