ImageMagick – Security Vulnerability Exposes Websites to Exploit

A security vulnerability was recently found by an end user named Stewie. It affects ImageMagick, a popular free and open source program that websites use to process images.

If your website processes user-submitted images (WordPress, for example), then it might be at risk of remote code execution. An exploit for this vulnerability is presently being used in the wild. There are two possible quick solutions to this exploit:

* Verify that image files begin with the expected "magic bytes" before sending them to ImageMagick for processing
* Use a policy file to disable this ImageMagick vulnerability
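
One way to implement the first option, as an added example that is not code from the original post: a content check run before an upload reaches ImageMagick. The allowlist of PNG, JPEG and GIF, the function names and the sample uploads are assumptions made for illustration.

```python
# Added example: magic-byte gate in front of ImageMagick (not from the original post).
# The allowlist and the function names are assumptions chosen for illustration.

# Leading signatures of the formats this hypothetical site accepts.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions users may upload, mapped to the format they must contain.
EXT_TO_FORMAT = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}


def sniff_format(data: bytes):
    """Return the format whose signature starts the data, or None."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def safe_for_imagemagick(filename: str, data: bytes):
    """Return the explicit coder prefix to use (e.g. 'png:'), or None to reject.

    The file name is user-controlled, so the decision is made from the
    content; the extension only has to agree with what the bytes say.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = EXT_TO_FORMAT.get(ext)
    actual = sniff_format(data)
    if actual is None or declared != actual:
        return None
    return actual + ":"


# Constructed sample uploads (headers only, not complete images).
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "anim.gif": b"GIF89a" + b"\x00" * 16,
    # Text in ImageMagick's MVG vector format, uploaded under an image name.
    "avatar.jpg": b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n",
    # Real PNG bytes under the wrong extension.
    "logo.gif": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "empty.png": b"",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {safe_for_imagemagick(name, blob) or 'REJECT'}")
```

A non-None result can be prepended to the path handed to ImageMagick (for example `png:/path/to/upload`), so the coder is fixed by this check instead of by ImageMagick's own format detection.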

The global ImageMagick policy file is usually found in /etc/imagemagick. Below is an example policy.xml policy file that will block the vulnerable ImageMagick coders:

You can find more detailed information about these security vulnerabilities at ImageTragick.com. ImageMagick is fully aware of these potential exploits and recommended the aforementioned policy file. If you have either ImageMagick 6.9.3-10 or 7.0.1-1, then these policy coders have already been secured.

You can verify your ImageMagick policies with this command:

-> convert -list policy






About Author Aaron J. Berg



Aaron J. Berg is the owner of Anet Computers, host of the Reality PC podcast, and blogger at AnetComputers.com. For over thirteen years, he worked for Fortune 500 companies and the United States Federal government supporting computers. Now he helps you solve your most common computer problems.
