Attackers Exploit Critical ImageMagick Vulnerability

ronjor · May 4, 2016

By Eduard Kovacs on May 04, 2016
Researchers have discovered several vulnerabilities in the popular image processing suite ImageMagick, including a serious remote code execution flaw that has been exploited in the wild.
Click to expand...

http://www.securityweek.com/attackers-exploit-critical-imagemagick-vulnerability

ronjor · May 4, 2016

ImageMagick does not properly validate input before processing images using a delegate

Original Release date: 04 May 2016 | Last revised: 04 May 2016Solution

Apply an Update

ImageMagick version 6.9.3-10 and 7.0.1-1 have been released to address these issues. Affected users should update to the latest version of ImageMagick as soon as possible.

However, affected users may also apply the following mitigations:
Click to expand...

http://www.kb.cert.org/vuls/id/25051

guest · Nov 25, 2020

ImageMagick PDF-parsing flaw allowed attacker to execute shell commands via maliciously crafted image
Exploit inspired by notorious ‘ImageTragick’ bug from 2016
November 24, 2020
https://portswigger.net/daily-swig/...-shell-commands-via-maliciously-crafted-image

A security researcher discovered fresh flaws in open source image converter ImageMagick during the process of exploring an earlier vulnerability dating back four years.

Alex Inführ (@insertScript) discovered his own shell injection vulnerability related to the parsing of PDF files by ImageMagick while investigating ‘ImageTragick’, a set of vulnerabilities discovered in 2016.
The vendor of the widely used image conversion utility developed fixes for the problem just days after it was reported to it by Inführ on November 16.

This allowed the researcher to safely document his findings in a technical blog post, published on Saturday (November 21).
Click to expand...

To protect against the vulnerability, users should upgrade to recently released patched versions (7.0.10-40 or 6.9.11-40) of ImageMagick.
Click to expand...

Log in or Sign up

Attackers Exploit Critical ImageMagick Vulnerability

ronjor Global Moderator

ronjor Global Moderator

guest Guest

Log in or Sign up

Attackers Exploit Critical ImageMagick Vulnerability

ronjor Global Moderator

ronjor Global Moderator

guest Guest

Useful Searches