The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
2016-06-10T15:59:06.737
2025-04-12T10:46:40.837
Deferred
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | graphicsmagick | graphicsmagick | ≤ 1.3.23 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11 | Yes |
| Application | suse | studio_onsite | 1.3 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11 | Yes |
| Operating System | oracle | solaris | 10 | Yes |
| Operating System | oracle | solaris | 11.3 | Yes |
| Operating System | oracle | linux | 6 | Yes |
| Operating System | oracle | linux | 7 | Yes |
| Operating System | opensuse | leap | 42.1 | Yes |
| Operating System | opensuse | opensuse | 13.2 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.10 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12.0 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 12.0 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12.0 | Yes |
| Operating System | suse | linux_enterprise_workstation_extension | 12 | Yes |
| Operating System | suse | linux_enterprise_workstation_extension | 12 | Yes |
| Application | imagemagick | imagemagick | < 7.0.1-7 | Yes |