Remote Code Execution Vulnerability in Horde_Image Library by Horde
CVE-2017-14650
8.1 HIGH
What is CVE-2017-14650?
A Remote Code Execution vulnerability exists in the Horde_Image library when utilizing the 'Im' backend with ImageMagick's 'convert' utility. This vulnerability stems from inadequate input validation of the index field in the _raw() function, which can lead to the execution of arbitrary commands. Although it is not exploitable through any specific Horde applications, custom implementations using the Horde_Image library could be at risk. Affected versions range from 2.0.0 to 2.5.1, and this issue is addressed in version 2.5.2.
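For custom code that passes a frame index to 'convert', the sketch below shows strict index validation combined with shell-free invocation. It is an added example, not code from Horde_Image or its 2.5.2 fix. The function names, the temp paths and the assumption that the index ends up in an ImageMagick `file[index]` frame selector are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not Horde_Image code. All names are hypothetical.

/** Return the index as a canonical decimal string, or throw. */
function validateFrameIndex($index): string
{
    if (is_int($index)) {
        $index = (string) $index;
    }
    // Digits only, no sign, whitespace or trailing characters; at most 6 digits.
    if (!is_string($index) || preg_match('/\A(?:0|[1-9][0-9]{0,5})\z/', $index) !== 1) {
        throw new InvalidArgumentException('frame index must be a non-negative integer');
    }
    return $index;
}

/** Build an argument vector: one array element per argument, no shell string. */
function buildConvertArgs(string $source, $index, string $dest): array
{
    // Assumption: $source and $dest are server-generated temp paths, never user input.
    return ['convert', $source . '[' . validateFrameIndex($index) . ']', $dest];
}

/** Run the command without a shell (array form of proc_open, PHP 7.4+). */
function runConvert(array $args): int
{
    $proc = proc_open($args, [2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start convert');
    }
    stream_get_contents($pipes[2]); // drain stderr so the child cannot block
    fclose($pipes[2]);
    return proc_close($proc);
}

// Constructed sample inputs: two valid indexes, then values that must be rejected.
foreach ([0, '12', '-1', '1.5', '3 4', "7\n", ''] as $candidate) {
    try {
        $args = buildConvertArgs('/tmp/in.gif', $candidate, '/tmp/out.png');
        echo 'accepted: ', json_encode($args), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($candidate), "\n";
    }
}
```

The pattern is anchored with `\z` rather than `$` so that a trailing newline is rejected, and the loop only builds argument vectors, so it runs without ImageMagick installed.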
