ImageMagick remote code execution

Description
  • Multiple vulnerabilities were reported in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if the application is processing user submitted images. Many image processing plugins depend on the ImageMagick library, including, but not limited to, PHP's imagick, Ruby's rmagick and paperclip, and nodejs's imagemagick.
Remediation
  • Verify that all image files begin with the expected "magic bytes" corresponding to the image file types you support before sending them to ImageMagick for processing. Consult Web references for more information about this vulnerability.
References