• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ImageMagick File Name Handling Remote Format String Vulnerability

ImageMagick is reported prone to a remote format-string vulnerability.

Reportedly, this issue arises when the application handles malformed filenames. An attacker can exploit this vulnerability by crafting a malicious file with a name that contains format specifiers and sending the file to an unsuspecting user.

Note that there are other attack vectors that may not require user interaction, since the application can be used with custom printing systems and web applications.

A successful attack may crash the application or lead to arbitrary code execution.

All versions of ImageMagick are considered vulnerable at the moment.