{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-29599", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T16:55:10.634Z", "dateReserved": "2020-12-07T00:00:00", "datePublished": "2020-12-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html"}, {"url": "https://github.com/ImageMagick/ImageMagick/discussions/2851"}, {"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"}, {"name": "GLSA-202101-36", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202101-36"}, {"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:10.634Z"}, "title": "CVE Program Container", "references": [{"url": "https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html", "tags": ["x_transferred"]}, {"url": "https://github.com/ImageMagick/ImageMagick/discussions/2851", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"}, {"name": "GLSA-202101-36", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202101-36"}, {"name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "32FB07F5-29A7-4B77-BDEA-A3A690508ED9", "versionEndExcluding": "6.9.11-40", "versionStartIncluding": "6.9.8-1", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "83AFF99E-224E-45AC-9EDF-F2D0D0584475", "versionEndExcluding": "7.0.10-40", "versionStartIncluding": "7.0.5-3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c."}, {"lang": "es", "value": "ImageMagick versiones anteriores a 6.9.11-40 y versiones 7.x anteriores a 7.0.10-40 maneja inapropiadamente la opci\u00f3n -authenticate, que permite establecer una contrase\u00f1a para archivos PDF protegidos con contrase\u00f1a. La contrase\u00f1a controlada por el usuario no era escapada y saneada apropiadamente y, por lo tanto, fue posible inyectar comandos de shell adicionales por medio del archivo coders/pdf.c"}], "id": "CVE-2020-29599", "lastModified": "2023-03-11T23:15:16.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-07T20:15:12.773", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/discussions/2851"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202101-36"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:0024", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ImageMagick-0:6.9.10.68-5.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-01-05T00:00:00Z"}], "bugzilla": {"description": "ImageMagick: Shell injection via PDF password could result in arbitrary code execution", "id": "1907456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907456"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.", "A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-29599", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "inkscape", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-29599\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29599\nhttps://github.com/ImageMagick/ImageMagick/discussions/2851\nhttps://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html"], "statement": "Although ImageMagick is shipped as bundled dependency of Inkscape, the further package is not affected as the primary usage for ImageMagick in Inkscape is for bitmap filters thus not exposing the affected code path.", "threat_severity": "Important", "upstream_fix": "ImageMagick 7.0.10-40"}