[Pkg-gmagick-im-team] Bug#601824: imagemagick: reads config files from cwd
Nelson A. de Oliveira
naoliv at debian.org
Sat Oct 30 02:00:42 UTC 2010
Hi Jakub!
On Fri, Oct 29, 2010 at 11:43 PM, Jakub Wilk <jwilk at debian.org> wrote:
> ImageMagick reads several configuration files[0] from the current working
> directory. Unfortunately, this allows local attackers to execute arbitrary
> code if ImageMagick is run from an untrusted directory.
I have confirmed it here and forwarded upstream.
Thank you!
Best regards,
Nelson
More information about the Pkg-gmagick-im-team
mailing list