Launchpad CVE tracker

CVE 2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016052...
MLIST: [oss-security] 2016052...
CONFIRM: http://git.imagemagick...
CONFIRM: http://hg.code.sf.net/...
CONFIRM: http://hg.code.sf.net/...
DEBIAN: DSA-3591
SUSE: openSUSE-SU-2016:1521
SUSE: openSUSE-SU-2016:1522
SUSE: openSUSE-SU-2016:1534
SECTRACK: 1035984
SECTRACK: 1035985
SUSE: SUSE-SU-2016:1570
UBUNTU: USN-2990-1
SUSE: SUSE-SU-2016:1614
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
SUSE: SUSE-SU-2016:1610
SUSE: openSUSE-SU-2016:1653
BID: 90938
SLACKWARE: SSA:2016-152-01
DEBIAN: DSA-3746
REDHAT: RHSA-2016:1237

Launchpad.net

CVE 2016-5118

Related bugs

References