Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2016-5118

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

- http://www.ubuntu.com/usn/USN-2990-1

Github

- https://github.com/SudoIndividual/CVE-2023-34152

- https://github.com/superfish9/pt