Tech Imagemagick Remote Execution Vulnerabilities

[sarettah]

I was at my PHP Users group these evening and during the intro (Last month in PHP) it was brought up that some vulnerabilities had been discovered in imagemagick.

I do not do much with imagemagick anymore but I know that there are people here that run scripts that use it. I have not seen this being discussed here so I decided to post it so you can be aware of it.

I am not sure of the technical details about the vulnerabilities other than they seem to have to do with user submitted images.

There is a page describing the issues at https://imagetragick.com/.

Here is what they say in the intro:

Quote:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP?s imagick, Ruby?s rmagick and paperclip, and nodejs?s imagemagick.

If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!):

Verify that all image files begin with the expected "magic bytes" corresponding to the image file types you support before sending them to ImageMagick for processing. (see FAQ for more info)

Use a policy file to disable the vulnerable ImageMagick coders. The global policy for ImageMagick is usually found in ?/etc/ImageMagick?. The below policy.xml example will disable the coders EPHEMERAL, URL, MVG, and MSL.......

Hope this helps someone.

.

[Bladewire]

Thanks for the heads up!