CVE-2016-5118 - Improper Access Control

Severity

99%

Complexity

99%

Confidentiality

165%

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 8 years ago

2016-06-10 15:59:00

Last updated 5 years ago

2019-12-27 16:08:00

Affected Software

GraphicsMagick

SUSE Linux Enterprise Debuginfo 11 Service Pack 4

11

SUSE Studio OnSite 1.3

1.3

SUSE Linux Enterprise Software Development Kit (SDK) 11 Service Pack 4

11

Oracle Solaris 10

10

Oracle Solaris 11.3

11.3

openSUSE Leap 42.1

42.1

OpenSUSE 13.2

13.2

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.10

15.10

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Debian Linux 8.0 (Jessie)

8.0

Novell SUSE Linux Enterprise Desktop 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0 Service Pack 1

12.0

Novell SUSE Linux Enterprise Software Development Kit 12.0 Service Pack 1

12.0

References

http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8

Vendor Advisory

http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog

Release Notes, Vendor Advisory

http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858

openSUSE-SU-2016:1521

Third Party Advisory

openSUSE-SU-2016:1522

Third Party Advisory

openSUSE-SU-2016:1534

Third Party Advisory

SUSE-SU-2016:1570

Third Party Advisory

SUSE-SU-2016:1610

SUSE-SU-2016:1614

Third Party Advisory

openSUSE-SU-2016:1653

DSA-3591

Third Party Advisory

DSA-3746

[oss-security] 20160529 CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename

Release Notes

[oss-security] 20160529 Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Third Party Advisory

90938

1035984

Third Party Advisory

1035985

Third Party Advisory

SSA:2016-152-01

USN-2990-1

Third Party Advisory

RHSA-2016:1237

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.