| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Access restriction bypass |
|
| Description |
| + |
In ImageMagick before version 7.1.0-7, Postscript files could be read and written in certain cases when specifically excluded by a `module` policy in `policy.xml`. |
|
| References |
| + |
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr |
| + |
https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e |
| + |
https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 |
|
| Notes |
| + |
Workaround |
| + |
========== |
| + |
|
| + |
Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also the recommended workaround: |
| + |
|
| + |
<policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" /> |
|
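An added example, not part of the advisory or of ImageMagick: a check over a `policy.xml` that reports which of the PostScript coders named in the workaround are not denied by a `coder` policy, and whether the file relies on a `module` policy instead. The sample policies are constructed. The module name `PS` and the brace and glob matching are assumptions, and later policies that grant rights again are not modelled.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Coder names taken from the workaround pattern quoted above.
PS_CODERS = ["PS", "EPI", "EPS", "EPSF", "EPSI"]
PS_MODULE = "PS"  # assumption: name of the module that handles these coders

# Constructed sample inputs (not from a real deployment).
SAMPLE_MODULE_ONLY = ('<policymap><policy domain="module" rights="none" '
                      'pattern="{PS,PDF,XPS}" /></policymap>')
SAMPLE_WORKAROUND = ('<policymap><policy domain="coder" rights="none" '
                     'pattern="{PS,EPI,EPS,EPSF,EPSI}" /></policymap>')

def expand_braces(pattern):
    """Expand {A,B} alternation into a list of plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(pattern[:m.start()] + alt + pattern[m.end():]))
    return out

def matches(pattern, name):
    """Case-insensitive glob match of a coder or module name against a pattern."""
    return any(fnmatch.fnmatchcase(name.upper(), p.strip().upper())
               for p in expand_braces(pattern))

def audit_policy(xml_text):
    """Return (unblocked, relies_on_module).

    unblocked: PostScript coders with no rights="none" policy in domain "coder".
    relies_on_module: True when some coder is unblocked and only a module
    policy denies PS, the setup the advisory says could be bypassed.
    """
    denied_coders, module_denied = set(), False
    for pol in ET.fromstring(xml_text).iter("policy"):
        if (pol.get("rights") or "").strip().lower() != "none":
            continue
        domain = (pol.get("domain") or "").strip().lower()
        pattern = pol.get("pattern") or ""
        if domain == "coder":
            denied_coders.update(c for c in PS_CODERS if matches(pattern, c))
        elif domain == "module" and matches(pattern, PS_MODULE):
            module_denied = True
    unblocked = [c for c in PS_CODERS if c not in denied_coders]
    return unblocked, bool(unblocked) and module_denied
```
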