ImageMagick and GraphicsMagick are widely used image processing software.
It was disclosed that ImageMagick had a remote code execution vulnerability, and GraphicsMagick was also affected by the vulnerability. This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file.
- ImageMagick < 7.0.1-6
- GraphicsMagick < 1.3.23
How to fix
Use Alibaba Cloud Security Web Application Firewall to intercept attack code of the vulnerability.
Download the software of the latest version from the official website and install it.
Note: Before you fix the vulnerability, create server snapshots, which can be used for restoration if fixing the vulnerability fails.