GHSA-xcjm-wqff-m669MediumCVSS 5.5
ImageMagick: Policy Bypass can read disallowed files via symlink
🔗 CVE IDs covered (1)
📋 Description
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
🎯 Affected products17
- nuget/Magick.NET-Q16-AnyCPU:< 14.14.0
- nuget/Magick.NET-Q16-HDRI-AnyCPU:< 14.14.0
- nuget/Magick.NET-Q16-HDRI-OpenMP-arm64:< 14.14.0
- nuget/Magick.NET-Q16-HDRI-arm64:< 14.14.0
- nuget/Magick.NET-Q16-HDRI-x64:< 14.14.0
- nuget/Magick.NET-Q16-HDRI-x86:< 14.14.0
- nuget/Magick.NET-Q16-OpenMP-arm64:< 14.14.0
- nuget/Magick.NET-Q16-OpenMP-x64:< 14.14.0
- nuget/Magick.NET-Q16-arm64:< 14.14.0
- nuget/Magick.NET-Q16-x64:< 14.14.0
- nuget/Magick.NET-Q16-x86:< 14.14.0
- nuget/Magick.NET-Q8-AnyCPU:< 14.14.0
- nuget/Magick.NET-Q8-OpenMP-arm64:< 14.14.0
- nuget/Magick.NET-Q8-OpenMP-x64:< 14.14.0
- nuget/Magick.NET-Q8-arm64:< 14.14.0
- nuget/Magick.NET-Q8-x64:< 14.14.0
- nuget/Magick.NET-Q8-x86:< 14.14.0