CVE-2005-4601
imagemagick - missing shell meta sanitising
EPSS 11.9%
Description
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
How to fix CVE-2005-4601
To remediate CVE-2005-4601, upgrade the affected package to one of the fixed versions listed below.
- Debian/graphicsmagick—upgrade to 1.1.7-1 or later
- Debian/imagemagick—upgrade to 6:6.2.4.5-0.6 or later
- Debian/imagemagick—upgrade to 4:5.4.4.5-1woody8 or later
Is CVE-2005-4601 being exploited?
Moderate — EPSS is 11.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- Debian/graphicsmagick: from 0, < 1.1.7-1
- Debian/imagemagick: from 0, < 6:6.2.4.5-0.6
- Debian/imagemagick: from 0, < 4:5.4.4.5-1woody8