PT-2026-54046 · Unknown · Imagemagick
Sondt99 · Published 2026-06-30 · Updated 2026-07-01
CVE-2026-56377
CVSS v3.1: 3.3 Low
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 7.1.2-24
Description
An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed by security policies, allowing arbitrary files to be written outside of intended boundaries.
Recommendations
Update to version 7.1.2-24 or later.
Fix
Path traversal
Affected Products
ImageMagick