
[Vulnerability notice] Remote code execution vulnerability in popen function in ImageMagick and GraphicsMagick

Last Updated: May 07, 2018

Description

ImageMagick and GraphicsMagick are popular image processing software packages.

A remote code execution vulnerability was disclosed in ImageMagick, and GraphicsMagick is also affected. This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously constructed image file.

Affected versions

  • ImageMagick: 7.0.1-6 or earlier versions
  • GraphicsMagick: 1.3.23 or earlier versions

Fix

  • Use the Alibaba Cloud Security Web Application Firewall service to intercept attack code targeting this vulnerability.

  • Upgrade ImageMagick and GraphicsMagick to the latest version from the official websites.

    Note: Create a server snapshot before fixing the vulnerability so that you can recover if the fix fails.
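
To confirm whether a host still runs an affected build before and after the upgrade, the version banner can be compared against the thresholds listed under "Affected versions". The following is an added example, not part of the original notice; the function names are hypothetical and the sample banners are constructed in the style printed by `convert -version` and `gm version`.

```python
import re

# Last affected releases, taken from the "Affected versions" list in this notice.
LAST_AFFECTED = {
    "ImageMagick": (7, 0, 1, 6),       # 7.0.1-6 or earlier
    "GraphicsMagick": (1, 3, 23, 0),   # 1.3.23 or earlier
}

# Matches "ImageMagick 7.0.1-6 ..." and "GraphicsMagick 1.3.23 ..." inside a banner line.
BANNER_RE = re.compile(
    r"\b(ImageMagick|GraphicsMagick)\s+(\d+)\.(\d+)\.(\d+)(?:-(\d+))?"
)


def parse_banner(banner):
    """Return (product, version_tuple) from a version banner, or None if unrecognised."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    # A missing "-N" suffix (GraphicsMagick style) is treated as patch level 0.
    version = tuple(int(g) if g else 0 for g in m.groups()[1:])
    return m.group(1), version


def is_affected(banner):
    """True if the banner's version is at or below the last affected release.

    Unrecognised banners raise ValueError so they are never reported as safe.
    """
    parsed = parse_banner(banner)
    if parsed is None:
        raise ValueError("unrecognised version banner: %r" % banner)
    product, version = parsed
    # Numeric tuple comparison, so 7.0.10-x sorts after 7.0.1-6.
    return version <= LAST_AFFECTED[product]


if __name__ == "__main__":
    # Constructed sample banners (not captured from a real host).
    samples = [
        "Version: ImageMagick 7.0.1-6 Q16 x86_64",
        "Version: ImageMagick 7.0.10-34 Q16 x86_64",
        "GraphicsMagick 1.3.23 Q8 http://www.GraphicsMagick.org/",
        "GraphicsMagick 1.3.24 Q8 http://www.GraphicsMagick.org/",
    ]
    for line in samples:
        print("AFFECTED" if is_affected(line) else "ok      ", line)
```

On a real host, pass the first line of the tool's version output to `is_affected` instead of the constructed samples.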
