View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-5118 severity moderate: SUSE including 170 source package names (GraphicsMagick-1.2.5-4.38.1, GraphicsMagick-1.3.25-1.1, …), 266 product×package rows across 62 product lines (SUSE Liberty Linux 7, SUSE Linux Enterprise Desktop 12, … (62 product lines)): Fixed 266.
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.