CVE-2016-5118: ImageMagick: Remote code execution via filename

Severity: Critical

CVSS Score: 9.8

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.