[arch-security] [ASA-201605-6] imagemagick: arbitrary code execution

Levente Polyak anthraxx at archlinux.org
Thu May 5 22:27:46 UTC 2016


Arch Linux Security Advisory ASA-201605-6
=========================================

Severity: Critical
Date    : 2016-05-05
CVE-ID  : CVE-2016-3714
Package : imagemagick
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package imagemagick before version 6.9.3.10-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 6.9.3.10-1.

# pacman -Syu "imagemagick>=6.9.3.10-1"

The problem has been fixed upstream in version 6.9.3.10.

Workaround
==========

To prevent these possible exploits, simply add

    <policy domain="coder" rights="none" pattern="EPHEMERAL" />
    <policy domain="coder" rights="none" pattern="HTTPS" />
    <policy domain="coder" rights="none" pattern="MVG" />
    <policy domain="coder" rights="none" pattern="MSL" />
    <policy domain="coder" rights="none" pattern="TEXT" />
    <policy domain="coder" rights="none" pattern="SHOW" />
    <policy domain="coder" rights="none" pattern="WIN" />
    <policy domain="coder" rights="none" pattern="PLT" />

to your policy.xml file. To mitigate the dangerous HTTPS delegate, you
can also remove support for it by deleting it from the delegates.xml
configuration file.

Description
===========

It was discovered that ImageMagick did not properly sanitize certain
input before passing it to the delegate functionality. A remote
attacker could create a specially crafted image that, when processed by
an application using ImageMagick or an unsuspecting user using the
ImageMagick utilities, would lead to arbitrary execution of shell
commands with the privileges of the user running the application.

Impact
======

A remote attacker is able to use a specially crafted image file that,
when processed, is leading to arbitrary code execution.

References
==========

https://access.redhat.com/security/cve/CVE-2016-3714
https://bugs.archlinux.org/task/49203
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
https://imagetragick.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160506/82ca07f4/attachment.asc>


More information about the arch-security mailing list