ImageMagick - Policy Bypass via Incorrect Path Validation
Summary
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. This could lead to the creation or truncation of files outside of intended boundaries, potentially affecting data integrity in specific configurations where ImageMagick processes untrusted input in a sandboxed environment. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
- < 7.1.2-24
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- To mitigate this use OS-level controls like SELinux, AppArmor, or container restrictions to strictly confine ImageMagick's write permissions. Restrict the process so it can only write to specific temporary or input directories, preventing unauthorized system file changes.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.