A vulnerability was reported in ImageMagick. A remote user can execute arbitrary commands on the target system in certain cases.
A remote user can supply a specially crafted filename string that, when processed by the target application using ImageMagick, will execute arbitrary shell commands contained in the filename string. The commands will run with the privileges of the target application using the ImageMagick library.
A string with a pipe character ('|') as the first character can trigger this flaw.
The flaw can be exploited, for example, via a specially crafted SVG xlink:href attribute value.
A demonstration exploit command line sequence is provided: