ImageMagick Vulnerability

Multiple security vulnerabilities have been found in ImageMagick, an image processing library used by millions of websites. The vulnerabilities can result in remote code execution on websites that accept user-submitted images: ImageMagick selects a decoder ("coder") from the content of a file rather than from its extension, so a crafted file uploaded under an image name can still be handed to a vulnerable coder. Because commonly used image-handling libraries for PHP, Ruby, and Node.js depend on ImageMagick, a large number of web services are potentially affected.

The recommended mitigation is to use an ImageMagick policy file to disable the specific ImageMagick "coders" that are vulnerable (ref: https://imagetragick.com/). The policy file is generally located in /etc/ImageMagick (on some distributions in a version-suffixed directory such as /etc/ImageMagick-6, as policy.xml); `convert -list policy` prints the policy ImageMagick actually loaded, which is the quickest way to confirm the change took effect. In addition, before passing a file to ImageMagick, verify that its leading bytes (file signature) match one of the image types the application is meant to accept, and reject anything else; do not rely on the file extension or the client-supplied Content-Type, since neither determines which coder ImageMagick will use. The policy file is a mitigation, not a fix: also upgrade ImageMagick to a release that addresses the vulnerabilities once one is available.
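The two checks above, as an added example that is not part of the original advisory: a small Python script that (a) parses a policy.xml and reports which of the ImageTragick coders are still allowed, and (b) validates an upload's file signature before it is handed to ImageMagick. The policy text embedded below is the one published at imagetragick.com; the sample files, the `WEAK_POLICY`, and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Mitigation policy from https://imagetragick.com/, embedded so the checker
# runs offline. On a real host read /etc/ImageMagick/policy.xml (or the
# version-suffixed directory your distribution uses) instead.
IMAGETRAGICK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>
"""

# Constructed example of an incomplete policy (only three coders denied).
WEAK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
</policymap>
"""

# Coders that must be denied for the ImageTragick mitigation to be in effect.
REQUIRED_DENIED_CODERS = {"EPHEMERAL", "URL", "HTTPS", "MVG", "MSL",
                          "TEXT", "SHOW", "WIN", "PLT"}


def denied_coders(policy_xml):
    """Return the set of coder patterns the policy denies (rights="none").
    Real policy.xml files carry an internal DOCTYPE and comments; expat
    accepts both, so this works on the file as shipped."""
    root = ET.fromstring(policy_xml)
    return {p.get("pattern", "").upper()
            for p in root.iter("policy")
            if p.get("domain") == "coder" and p.get("rights") == "none"}


def missing_coder_denials(policy_xml, required=REQUIRED_DENIED_CODERS):
    """Coders from `required` that the policy still allows (empty set = OK)."""
    return set(required) - denied_coders(policy_xml)


# File signatures (magic bytes) of the raster formats this example accepts.
# Constructed allow-list; extend it with the formats your application needs.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}


def sniff_image_type(data):
    """Identify the format from the leading bytes, or None if it is not one
    we allow. ImageMagick picks its coder from content too, so an 'image.png'
    that really starts with an MVG header would otherwise reach the MVG coder."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    return None


def is_safe_to_process(data, claimed_ext, allowed=("png", "jpeg", "gif")):
    """Accept only if the bytes match an allowed format AND agree with the
    extension the client claimed (.jpg is normalised to jpeg)."""
    ext = claimed_ext.lower().lstrip(".")
    ext = "jpeg" if ext == "jpg" else ext
    fmt = sniff_image_type(data)
    return fmt is not None and fmt in allowed and fmt == ext


# Constructed sample inputs: a minimal PNG header and a benign MVG header.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
MVG_SAMPLE = b"push graphic-context\nviewbox 0 0 640 480\n"

if __name__ == "__main__":
    print("gaps in strong policy:", missing_coder_denials(IMAGETRAGICK_POLICY) or "none")
    print("gaps in weak policy:  ", sorted(missing_coder_denials(WEAK_POLICY)))
    print("real PNG as .png ok:  ", is_safe_to_process(PNG_SAMPLE, "png"))
    print("MVG renamed .png ok:  ", is_safe_to_process(MVG_SAMPLE, "png"))
```

Run `missing_coder_denials(open("/etc/ImageMagick-6/policy.xml").read())` (adjusting the path to your distribution) as a deployment check; a non-empty result means the mitigation is incomplete. The signature check deliberately requires the sniffed type to match the claimed extension as well as the allow-list, so a mismatch between what the client says and what the bytes say is rejected rather than silently accepted.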