Name of the Vulnerable Software and Affected Versions GraphicsMagick versions prior to 1.3.32 ImageMagick versions 4.2.9 through 5.5.2

Description A bug allows including file text as rendered text on a graphic image, or as text hidden in metadata, by using a file referred to with '@...ename' syntax. This issue can be exploited using the SVG and WMF formats, potentially allowing untrusted users to receive secure and private content, such as private keys or passwords.

Recommendations For GraphicsMagick versions prior to 1.3.32, update to version 1.3.32 or later to resolve the issue. For ImageMagick versions 4.2.9 through 5.5.2, consider disabling the use of the '@...ename' syntax until a patch is available. As a temporary workaround, restrict the use of SVG and WMF formats to minimize the risk of exploitation.