NONE 0.0 NuGet
ImageMagick: SVG-to-MVG Command Injection via coders/svg.c
GHSA-xpg8-7m6m-jf56
Published ยท Modified
Description
An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering.
References
- WEB https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
- WEB https://github.com/ImageMagick/ImageMagick/commit/9db96365ecab5de69cdec81b9359672b3a827aaa
- WEB https://github.com/ImageMagick/ImageMagick/commit/f63c78b3828933f1cc7cf499390248981af765aa
- PACKAGE https://github.com/ImageMagick/ImageMagick
Ready to move
Start Securing
Free, no credit card | First findings in minutes