[Bug 2004580] Re: Possible arbitrary file leak

David Zuelke 2004580 at bugs.launchpad.net
Mon Feb 27 12:52:15 UTC 2023


Any news here? Marc Deslauriers committed a fix for bionic on Feb 9
(https://launchpad.net/ubuntu/bionic/+source/imagemagick/+changelog),
but focal and jammy are still vulnerable.

Debian have classified this as severity "grave":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767

I agree with this. It's trivially exploited using a crafted PNG. Every
Ruby on Rails app, for example, shells out to `convert` out of the box
for image resizing. It's a very standard use case.

Debian have also fixed it in bullseye (= same version as on jammy), only
buster (= same version as on focal) remains unpatched.

** Bug watch added: Debian Bug tracker #1030767
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/2004580

Title:
  Possible arbitrary file leak

Status in imagemagick package in Ubuntu:
  Confirmed

Bug description:
  More details can be found here:

  https://www.metabaseq.com/imagemagick-zero-days/

  Affected versions:

      Injection via "-authenticate"
      - ImageMagick 6: 6.9.8-1 up to 6.9.11-40
      Exploitation via MSL:
      - ImageMagick 6: 6.9.11-35 up to 6.9.11-40
