Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2020-29599

Updated: 2022-05-25 08:14:24.901259

Description:

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | MEDIUM | 6.8 |
| 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | imagemagick | 6.7.2.7 | Released | CLSA-2021:1617641265 | 2022-05-06 06:32:06.63275 |