CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%
Openwall reports:
Insufficient filtering for filename passed to delegateโs command
allows remote code execution during conversion of several file
formats. Any service which uses ImageMagick to process user
supplied images and uses default delegates.xml / policy.xml,
may be vulnerable to this issue.
It is possible to make ImageMagick perform a HTTP GET or FTP
request
It is possible to delete files by using ImageMagickโs โephemeralโ
pseudo protocol which deletes files after reading.
It is possible to move image files to file with any extension
in any folder by using ImageMagickโs โmslโ pseudo protocol.
msl.txt and image.gif should exist in known location - /tmp/
for PoC (in real life it may be web service written in PHP,
which allows to upload raw txt files and process images with
ImageMagick).
It is possible to get content of the files from the server
by using ImageMagickโs โlabelโ pseudo protocol.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | imagemagick | <ย 6.9.3.9_1,1 | UNKNOWN |
FreeBSD | any | noarch | imagemagick-nox11 | <ย 6.9.3.9_1,1 | UNKNOWN |
FreeBSD | any | noarch | imagemagick7 | =ย 7.0.0.0.b20150715 | UNKNOWN |
FreeBSD | any | noarch | imagemagick7 | <ย 7.0.1.0_1 | UNKNOWN |
FreeBSD | any | noarch | imagemagick7-nox11 | =ย 7.0.0.0.b20150715 | UNKNOWN |
FreeBSD | any | noarch | imagemagick7-nox11 | <ย 7.0.1.0_1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%