CVE - CVE-2016-5118

CVE-ID
CVE-2016-5118	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:90938 URL:http://www.securityfocus.com/bid/90938 CONFIRM:http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 CONFIRM:http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog CONFIRM:http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858 CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html DEBIAN:DSA-3591 URL:http://www.debian.org/security/2016/dsa-3591 DEBIAN:DSA-3746 URL:http://www.debian.org/security/2016/dsa-3746 MLIST:[oss-security] 20160529 CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename URL:http://www.openwall.com/lists/oss-security/2016/05/29/7 MLIST:[oss-security] 20160529 Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename URL:http://www.openwall.com/lists/oss-security/2016/05/30/1 REDHAT:RHSA-2016:1237 URL:https://access.redhat.com/errata/RHSA-2016:1237 SECTRACK:1035984 URL:http://www.securitytracker.com/id/1035984 SECTRACK:1035985 URL:http://www.securitytracker.com/id/1035985 SLACKWARE:SSA:2016-152-01 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749 SUSE:SUSE-SU-2016:1570 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html SUSE:SUSE-SU-2016:1610 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html SUSE:SUSE-SU-2016:1614 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html SUSE:openSUSE-SU-2016:1521 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html SUSE:openSUSE-SU-2016:1522 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html SUSE:openSUSE-SU-2016:1534 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html SUSE:openSUSE-SU-2016:1653 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html UBUNTU:USN-2990-1 URL:http://www.ubuntu.com/usn/USN-2990-1
Assigning CNA
MITRE Corporation
Date Record Created
20160529	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160529)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)