RubySec

Providing security resources for the Ruby community

OSVDB-106954 (quick_magick): quick_magick Gem for Ruby QuickMagick::Image.read Function Crafted String Handling Remote Command Injection

ADVISORIES

  • OSVDB-106954

GEM

quick_magick

PATCHED VERSIONS

None.

DESCRIPTION

quick_magick Gem for Ruby contains a flaw in the QuickMagick::Image.read function. The issue is triggered when handling a specially crafted string. This may allow a remote attacker to inject arbitrary commands.
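
The class of flaw described above, as an added example that is not quick_magick's own code: a caller-supplied string interpolated into a shell command line, beside a form that passes it as a single argv element with no shell. The method names, the stand-in tool (a child Ruby that prints its arguments) and the sample string are assumptions made for illustration.

```ruby
require 'open3'
require 'rbconfig'
require 'shellwords'

# Stand-in for an external image tool (assumption): a child Ruby that prints
# the argument vector it received, so the effect of quoting is visible.
TOOL = [RbConfig.ruby, '-e', 'p ARGV'].freeze

# Vulnerable pattern: the caller's string becomes part of a shell command line,
# so shell metacharacters in it are interpreted by the shell.
def inspect_via_shell(filename)
  `#{TOOL.shelljoin} #{filename}`
end

# Hardened pattern: every argument is its own argv element and no shell is
# started, so the string can only ever arrive as one argument.
def inspect_via_argv(filename)
  # A leading "-" would be parsed by most tools as an option, not a file name.
  raise ArgumentError, 'filename must not look like an option' if filename.start_with?('-')

  out, status = Open3.capture2(*TOOL, filename)
  raise "tool failed: #{status.exitstatus}" unless status.success?

  out
end

# Constructed sample input: a harmless marker command after a shell separator.
SAMPLE = 'photo.png; echo INJECTED'

if __FILE__ == $PROGRAM_NAME
  puts 'via shell:'
  puts inspect_via_shell(SAMPLE) # tool sees "photo.png", shell runs the rest
  puts 'via argv:'
  puts inspect_via_argv(SAMPLE)  # tool sees the whole string as one argument
end
```

Since the advisory lists no patched version, applications that cannot drop the gem need to apply this kind of control to any untrusted string before it reaches `QuickMagick::Image.read`.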