ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "7.0.5-3"
},
{
"fixed": "7.0.10-40"
},
{
"introduced": "7.0.5-3"
},
{
"fixed": "7.0.10-40"
}
],
"vendor_product": "imagemagick:imagemagick",
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"vendor_product": "debian:debian_linux",
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
]
}
]
}