The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Graphicsmagick | Graphicsmagick | * | 1.3.23 (including) |