All Products
Document Center

[Vulnerability notice] Remote code execution vulnerability caused by ImageMagick and GraphicsMagick popen

Last Updated: Apr 02, 2018

Vulnerability description

ImageMagick and GraphicsMagick are widely used image processing software.

It was disclosed that ImageMagick had a remote code execution vulnerability, and GraphicsMagick was also affected by the vulnerability. This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file.

Affected scope

  • ImageMagick < 7.0.1-6
  • GraphicsMagick < 1.3.23

How to fix