ImageMagick
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*
- < 7.1.2-26
- < 6.9.13-51
A policy bypass vulnerability has been identified in ImageMagick versions prior to 7.1.2-26 and in the 6.9.13-x series prior to 6.9.13-51. The vulnerability arises in the '-script' operation, where missing security policy checks allow files to be read from paths that the security policy would normally restrict.
Exploitation of this vulnerability could lead to unauthorized file access, allowing users to read files from disallowed paths.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.