CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
Untrusted search path vulnerability in configure.c in ImageMagick before
6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users
to gain privileges via a Trojan horse configuration file in the current
working directory.
Author | Note |
---|---|
mdeslaur | PoC in debian bug. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | imagemagick | < 7:6.3.7.9.dfsg1-2ubuntu1.2 | UNKNOWN |
ubuntu | 9.10 | noarch | imagemagick | < 7:6.5.1.0-1.1ubuntu3.1 | UNKNOWN |
ubuntu | 10.04 | noarch | imagemagick | < 7:6.5.7.8-1ubuntu1.1 | UNKNOWN |
ubuntu | 10.10 | noarch | imagemagick | < 7:6.6.2.6-1ubuntu1.1 | UNKNOWN |