ImageMagick and GraphicsMagick are popular image processing software.
ImageMagick was exposed with a remote code execution vulnerability, and GraphicsMagick was also impacted. This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously constructed image file.
- ImageMagick: 7.0.1-6 or earlier versions
- GraphicsMagick: 1.3.23 or earlier versions
Use Alibaba Cloud Security Web Application Firewall service to intercept the attacking code for this vulnerability.
Upgrade ImageMagick and GraphicsMagick to the latest version from the official websites.
Note: Create a server snapshot before fixing the vulnerability to avoid loss from fix failure.