TITLE: ImageMagick Utilities Image Filename Shell Command Injection SECUNIA ADVISORY ID: SA18261 VERIFY ADVISORY: http://secunia.com/advisories/18261/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote SOFTWARE: ImageMagick 6.x http://secunia.com/product/3763/ DESCRIPTION: Florian Weimer has discovered a vulnerability in ImageMagick, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the delegate code used by various ImageMagick utilities (e.g. display, identify) when handling an image filename. This can be exploited to execute arbitrary commands when an image file with a filename containing shell command is opened either via the command line or from the file open dialog box. Successful exploitation requires that the user is e.g. tricked into downloading and saving an image file with a specially crafted filename and opening it. The vulnerability has been confirmed in version 6.2.5 compiled from source (with default options). Other versions may also be affected. SOLUTION: Do not open image files with suspicious looking filenames. PROVIDED AND/OR DISCOVERED BY: Florian Weimer ORIGINAL ADVISORY: Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------