Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-29599

Published: 07/12/2020 Updated: 11/03/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Imagemagick

Vulnerability Summary

ImageMagick prior to 6.9.11-40 and 7.x prior to 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

imagemagick imagemagick

debian debian linux 9.0

Vendor Advisories

Red Hat: Important: ImageMagick security update
Synopsis Important: ImageMagick security update Type/Severity Security Advisory: Important Topic An update for ImageMagick is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Debian CVElist Bug Report Logs: imagemagick: CVE-2020-29599
Debian Bug report logs - #977205 imagemagick: CVE-2020-29599 Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 12 Dec 2020 14:06:02 UTC Severity: grave Tags: security, u ...
Amazon Linux 2: ALAS2-2021-1596
A flaw was found in ImageMagick The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdfc The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-29599) ...
Amazon Linux AMI: ALAS-2021-1479
A flaw was found in ImageMagick The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdfc The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-29599) ...

Github Repositories

https://github.com/genjix2/CVE-2020-29599

CVE-2020-29599 Artifex ImageMagick lib Artifex vesrion < 6911-40 and < 70 10-40 SVG files will be converted to images

https://github.com/coco0x0a/CVE-2020-29599

CVE-2020-29599 Artifex ImageMagick lib Artifex vesrion < 6911-40 and < 70 10-40 SVG files will be converted to images

References

CWE-91https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.htmlhttps://github.com/ImageMagick/ImageMagick/discussions/2851https://lists.debian.org/debian-lts-announce/2021/01/msg00010.htmlhttps://security.gentoo.org/glsa/202101-36https://lists.debian.org/debian-lts-announce/2023/03/msg00008.htmlhttps://access.redhat.com/errata/RHSA-2021:0024https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2021-1596.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook