漏洞标题
配置 ImageMagick 安全策略时遇到的问题
漏洞描述信息
配置ImageMagick安全策略时的问题
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
漏洞类别
N/A
漏洞标题
Issue when Configuring the ImageMagick Security Policy
漏洞描述信息
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
漏洞类别
将资源暴露给错误范围
漏洞标题
Imagemagick Studio ImageMagick 竞争条件问题漏洞
漏洞描述信息
Imagemagick Studio ImageMagick是美国Imagemagick Studio公司的一套开源的图像处理软件。该软件可读取、转换或写入多种格式的图片。 ImageMagick 中存在竞争条件问题漏洞,该漏洞源于产品policy.xml文件中的module策略排除Postscript文件时会导致该文件可读写。
CVSS信息
N/A
漏洞类别
竞争条件问题