ImageMagick before 7.1.2-26 and 6.9.13-x before 6.9.13-51 contains a policy bypass vulnerability in the -script operation due to missing security policy checks. This allows reading files from paths that are otherwise disallowed by the configured security policy.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imagemagick | Imagemagick | 6.9.13-0 (including) | 6.19.13-51 (excluding) |
| Imagemagick | Imagemagick | 7.0.0-0 (including) | 7.1.2-26 (excluding) |
| Imagemagick | Ubuntu | upstream | * |