GHSA-xpg8-7m6m-jf56: ImageMagick: SVG-to-MVG Command Injection via coders/svg.c
An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rendering.
References
- github.com/ImageMagick/ImageMagick
- github.com/ImageMagick/ImageMagick/commit/9db96365ecab5de69cdec81b9359672b3a827aaa
- github.com/ImageMagick/ImageMagick/commit/f63c78b3828933f1cc7cf499390248981af765aa
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56
- github.com/advisories/GHSA-xpg8-7m6m-jf56
Code Behaviors & Features
Detect and mitigate GHSA-xpg8-7m6m-jf56 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →