logo

Database

OS Command Injection In magick.net-q16-hdri-openmp-x64

Description

ImageMagick: SVG-to-MVG Command Injection via coders/svg.c An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 19

10

Aliases

1. GHSA-xpg8-7m6m-jf562. GCVE-GHSA-xpg8-7m6m-jf56

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf562. https://github.com/ImageMagick/ImageMagick/commit/9db96365ecab5de69cdec81b9359672b3a827aaa3. https://github.com/ImageMagick/ImageMagick/commit/f63c78b3828933f1cc7cf499390248981af765aa

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.