RubySec

Providing security resources for the Ruby community

OSVDB-106954 (quick_magick): quick_magick Gem for Ruby QuickMagick::Image.read Function Crafted String Handling Remote Command Injection


Published: January 12, 2011

SECURITY IDENTIFIERS

GEM

quick_magick

PATCHED VERSIONS

None available.

DESCRIPTION

The quick_magick gem for Ruby contains a flaw in the QuickMagick::Image.read function. The flaw is triggered when the function handles a specially crafted string, which may allow a remote attacker to inject arbitrary commands.
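
Because the advisory lists no patched version, every resolved version of quick_magick in a bundle is affected. The Ruby check below is an added example, not code from RubySec or the quick_magick project: it parses Gemfile.lock text and reports whether the gem is present, whether it is a direct dependency, and which gems pull it in. The lockfile contents, the 0.8.0 version and the thumbnailer_demo gem are constructed sample input.

```ruby
# Added example: the gem name, advisory id and "no patched versions" come from
# the advisory; the lockfile below is constructed sample input.
ADVISORY = { id: "OSVDB-106954", gem: "quick_magick", patched_versions: [] }.freeze

SAMPLE_LOCKFILE = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    quick_magick (0.8.0)
    rake (13.0.6)
    thumbnailer_demo (1.2.0)
      quick_magick (>= 0.7)

PLATFORMS
  ruby

DEPENDENCIES
  rake
  thumbnailer_demo
LOCK

# Returns nil when the gem is not in the bundle, otherwise how it got there.
def audit_lockfile(text, advisory = ADVISORY)
  section = current = version = nil
  direct = false
  required_by = []
  text.each_line(chomp: true) do |line|
    if line.match?(/\A[A-Z][A-Z ]*\z/)            # section header, e.g. GEM
      section, current = line, nil
    elsif %w[GEM GIT PATH].include?(section) && (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      current = m[1]                               # a resolved gem and its version
      version = m[2] if current == advisory[:gem]
    elsif current && (m = line.match(/\A {6}(\S+)/))
      required_by << current if m[1] == advisory[:gem]   # pulled in transitively
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct = true if m[1] == advisory[:gem]      # listed in the Gemfile itself
    end
  end
  return nil unless version
  { id: advisory[:id], gem: advisory[:gem], version: version, direct: direct,
    required_by: required_by.uniq, fix_available: !advisory[:patched_versions].empty? }
end

if __FILE__ == $PROGRAM_NAME && (finding = audit_lockfile(SAMPLE_LOCKFILE))
  puts "#{finding[:id]}: #{finding[:gem]} #{finding[:version]} is in the bundle"
  puts "  required by: #{finding[:required_by].join(', ')}" unless finding[:required_by].empty?
  puts "  no patched version exists; remove or replace the gem" unless finding[:fix_available]
end
```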

RELATED