← Retour aux CVEs

CVE-2016-5118

CRITICAL

9.8

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/10/2016

Derniere modification4/12/2025

Sourcenvd

Observations honeypot0

Produits affectes

canonical:ubuntu_linuxdebian:debian_linuxgraphicsmagick:graphicsmagickimagemagick:imagemagickopensuse:leapopensuse:opensuseoracle:linuxoracle:solarissuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kitsuse:linux_enterprise_workstation_extensionsuse:studio_onsite

References

http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8(cve@mitre.org)

http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog(cve@mitre.org)

http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html(cve@mitre.org)

http://www.debian.org/security/2016/dsa-3591(cve@mitre.org)

http://www.debian.org/security/2016/dsa-3746(cve@mitre.org)

http://www.openwall.com/lists/oss-security/2016/05/29/7(cve@mitre.org)

http://www.openwall.com/lists/oss-security/2016/05/30/1(cve@mitre.org)

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html(cve@mitre.org)

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html(cve@mitre.org)

http://www.securityfocus.com/bid/90938(cve@mitre.org)

http://www.securitytracker.com/id/1035984(cve@mitre.org)

http://www.securitytracker.com/id/1035985(cve@mitre.org)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749(cve@mitre.org)

http://www.ubuntu.com/usn/USN-2990-1(cve@mitre.org)

https://access.redhat.com/errata/RHSA-2016:1237(cve@mitre.org)

http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8(af854a3a-2127-422b-91ae-364da2661108)

http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog(af854a3a-2127-422b-91ae-364da2661108)

http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2016/dsa-3591(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2016/dsa-3746(af854a3a-2127-422b-91ae-364da2661108)

http://www.openwall.com/lists/oss-security/2016/05/29/7(af854a3a-2127-422b-91ae-364da2661108)

http://www.openwall.com/lists/oss-security/2016/05/30/1(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/90938(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1035984(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1035985(af854a3a-2127-422b-91ae-364da2661108)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2990-1(af854a3a-2127-422b-91ae-364da2661108)

https://access.redhat.com/errata/RHSA-2016:1237(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.