CVE-2020-29599 — XML Injection (aka Blind XPath Injection) in Imagemagick

CWE-91 — XML Injection (aka Blind XPath Injection)CWE-77 — Command Injection10 documents7 sources

Severity

7.8HIGHNVD

EPSS

68.8%

top 1.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick Debian Linux

Timeline

PublishedDec 7

Latest updateJul 25

Description

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/imagemagick< imagemagick 8:6.9.11.57+dfsg-1 (bookworm)

▶NVDimagemagick/imagemagick6.9.8-1 — 6.9.11-40+1

▶Debianimagemagick/imagemagick< 8:6.9.11.57+dfsg-1+3

▶Ubuntuimagemagick/imagemagick< 8:6.9.10.23+dfsg-2.1ubuntu11.9+5

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

imagemagick vulnerabilities↗2024-07-25

▶

OSV

imagemagick vulnerabilities↗2023-07-04

▶

GHSA

GHSA-685x-r4m9-ffxr: ImageMagick before 6↗2022-05-24

▶

OSV

CVE-2020-29599: ImageMagick before 6↗2020-12-07

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2024-07-25

▶

Ubuntu

ImageMagick vulnerabilities↗2023-07-04

▶

Red Hat

ImageMagick: Shell injection via PDF password could result in arbitrary code execution↗2020-12-07

▶

Debian

CVE-2020-29599: imagemagick - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authentica...↗2020

▶

📄Research Papers

arXiv

Patch2QL: Discover Cognate Defects in Open Source Software Supply Chain With Auto-generated Static Analysis Rules↗2024-01-30

▶