ImageMagick Security Policy Bypass Vulnerability Allowing Standard Stream Access

A vulnerability exists in ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, where the 'secure' security policy fails to block fd:<n> pseudo-filenames. This oversight allows bypassing the policy's intent to prevent reading from or writing to standard input and output streams. Although the secure policy includes a rule to block standard streams, fd:<n> references are not covered, creating a loophole that can be exploited to access stdin or stdout.

Impact

Exploitation of this vulnerability allows for unauthorized access to standard input and output streams, potentially leading to unintended data manipulation or processing.

Remediation

Users can manually add the missing fd pattern to their security policy to block these pseudo-filenames. Instructions for this workaround are available in the vulnerability advisory on GitHub. Additionally, users can update to ImageMagick versions 7.1.2-15 or 6.9.13-40, where this vulnerability has been patched.