It was found that the gnuplot delegate functionality in ImageMagick and GraphicsMagick allows system command injection while interpreting gnuplot files.
Upstream patch (ImageMagick):
Upstream patch (GraphicsMagick):
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:1237 https://access.redhat.com/errata/RHSA-2016:1237
To clear things up a bit:
* gnuplot files should not be processed when coming from an untrusted source, as they can contain dangerous commands.
* ImageMagick does not care. If it detects a gnuplot file, it tries to delegate it to gnuplot.
If gnuplot is not installed or ImageMagick can't launch gnuplot, there should be no issue.
RHEL5 specific: The gnuplot delegation in RHEL5 is broken due to an unrelated issue. ImageMagick fails to launch gnuplot correctly, thus preventing this attack vector.
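As an added example (not from the advisory or from either project), a small Python triage helper for the points above: it checks whether ImageMagick would classify uploaded bytes as a gnuplot script by matching shebang prefixes at offset 0 (the prefixes are assumed from the stock magic.xml; a deployment should read its own copy), and whether a delegates.xml still carries a gplt decode entry. The sample upload bytes and delegate maps are constructed.

```python
import xml.etree.ElementTree as ET

# Shebang prefixes that ImageMagick's magic.xml maps to the "GPLT" format.
# Assumed from the stock magic.xml; read the installed file to be sure.
GNUPLOT_MAGIC = (
    b"#!/usr/bin/gnuplot",
    b"#!/usr/local/bin/gnuplot",
    b"#! /usr/bin/gnuplot",
    b"#! /usr/local/bin/gnuplot",
)


def imagemagick_treats_as_gnuplot(data: bytes) -> bool:
    """True if the content would be detected as a gnuplot script.

    Detection looks at the bytes at offset 0, as magic.xml does, so a
    misleading file extension such as .png does not change the outcome.
    """
    return any(data.startswith(m) for m in GNUPLOT_MAGIC)


def gnuplot_delegate_enabled(delegates_xml: str) -> bool:
    """True if a delegates.xml document still has a decode="gplt" entry."""
    root = ET.fromstring(delegates_xml)
    return any(d.get("decode", "").lower() == "gplt" for d in root.iter("delegate"))


def triage_upload(data: bytes, delegates_xml: str) -> str:
    """Defender's verdict for an untrusted upload handed to ImageMagick."""
    if not imagemagick_treats_as_gnuplot(data):
        return "accept"
    # Per the advisory, untrusted gnuplot files must never be processed;
    # an active delegate just makes the rejection more urgent to log.
    if gnuplot_delegate_enabled(delegates_xml):
        return "reject-delegate-active"
    return "reject"


# Constructed sample inputs (not real uploads or real config files).
UPLOAD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
UPLOAD_GNUPLOT = b"#!/usr/bin/gnuplot\nset terminal png\nplot sin(x)\n"
DELEGATES_STOCK = """<delegatemap>
  <delegate decode="gplt" command="gnuplot %i"/>
  <delegate decode="ps" encode="eps" command="gs ..."/>
</delegatemap>"""
DELEGATES_HARDENED = """<delegatemap>
  <delegate decode="ps" encode="eps" command="gs ..."/>
</delegatemap>"""

if __name__ == "__main__":
    print(triage_upload(UPLOAD_GNUPLOT, DELEGATES_STOCK))   # reject-delegate-active
    print(triage_upload(UPLOAD_PNG, DELEGATES_STOCK))       # accept
```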