GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Jan 29, 2021 12:26 am Post subject: [ GLSA 202101-36 ] ImageMagick |
 |
|
Gentoo Linux Security Advisory
Title: ImageMagick: Command injection (GLSA 202101-36)
Severity: normal
Exploitable: remote
Date: 2021-01-29
Bug(s): #756829
ID: 202101-36
Synopsis
A vulnerability in ImageMagick's handling of PDF was discovered
possibly allowing code execution.
Background
A collection of tools and libraries for many image formats.
Affected Packages
Package: media-gfx/imagemagick
Vulnerable: < 7.0.10.41-r1
Vulnerable: < 6.9.11.41-r1
Unaffected: >= 7.0.10.41-r1
Unaffected: >= 6.9.11.41-r1
Architectures: All supported architectures
Description
A flaw in ImageMagick’s handling of password protected PDFs was
discovered.
Impact
A remote attacker could entice a user to open a specially crafted PDF
using ImageMagick possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.
Workaround
Do not open untrusted PDFs.
Resolution
All ImageMagick 7 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=media-gfx/imagemagick-7.0.10.41-r1"
|
All ImageMagick 6 users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=media-gfx/imagemagick-6.9.11.41-r1"
|
References
CVE-2020-29599 |
|
News & Announcements
