Aptly named ImageTragick, this archive holds various proof of concept exploits for a code execution vulnerability in ImageMagick.
7ef8dc436a62c18845ceb572a37b5b5db3153198f06fc8d99d4b831eb4d08332Debian Linux Security Advisory 3746-1 - Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution.
accbe7218e293472b633d9075a6a9f156fffbefe2b412453ad96dbd227c13359Gentoo Linux Security Advisory 201611-21 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.6.2 are affected.
46dc24173e41a5be471383b74ecf85c28310e324afd76fcc85fbe71380a39534Ubuntu Security Notice 2990-1 - Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.
73f21e3761ff9c2c84217f7d140aa28af93ba5bd5e170c1b968c4697b5b4030eDebian Linux Security Advisory 3580-1 - Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.
747cf13d24c6beb4d0ce9afc86b233876539d3430e7ac143db6dd5daba44316eSlackware Security Advisory - New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
c4da51baeb811c7024d5c6795c0b076bea7647f672ffea50e9194da2d6fc2420Red Hat Security Advisory 2016-0726-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
d8a4d48a224920151135854a97230c9e638aa805c9f55366f91c9cbf59079185
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed