CVE-2016-3714: ImageTragick #288

Closed
dahlia opened this issue May 4, 2016 · 0 comments

dahlia (Collaborator) commented May 4, 2016

ImageMagick Is On Fire — CVE-2016-3714

If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!):

  1. Verify that all image files begin with the expected "magic bytes" corresponding to the image file types you support before sending them to ImageMagick for processing. (see FAQ for more info)
  2. Use a policy file to disable the vulnerable ImageMagick coders. The global policy for ImageMagick is usually found in “/etc/ImageMagick”. The below policy.xml example will disable the coders EPHEMERAL, URL, MVG, and MSL.
dahlia added the bug label May 4, 2016
emcconville added this to the Wand 0.6.0 milestone Apr 19, 2020
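
Both mitigations listed in the comment above, written as checks an application can run before it hands bytes to ImageMagick. This is an added example, not code from the issue, the advisory or Wand: the PNG/JPEG/GIF allowlist, the function names and the sample data are assumptions, and the policy check matches coder names exactly rather than evaluating glob patterns.

```python
import xml.etree.ElementTree as ET

# Signatures for the formats a (hypothetical) application accepts.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Coders the quoted advisory says to disable.
REQUIRED_DISABLED = {"EPHEMERAL", "URL", "MVG", "MSL"}

# Constructed samples: a PNG header, a text file posing as an image, a partial policy.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_TEXT = b"push graphic-context\n"
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="MVG" />
</policymap>"""


def sniff_format(blob):
    """Return the allowlisted format whose signature starts blob, else None."""
    for name, signatures in MAGIC.items():
        if blob.startswith(signatures):
            return name
    return None


def require_allowed_image(blob):
    """Return the detected format, or raise ValueError before any decoding."""
    fmt = sniff_format(blob)
    if fmt is None:
        raise ValueError("rejected: unexpected leading bytes %r" % blob[:8])
    return fmt


def coders_still_enabled(policy_xml):
    """Return required coders lacking an exact-name rights="none" entry."""
    disabled = set()
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if (policy.get("domain", "").lower() == "coder"
                and policy.get("rights", "").lower() == "none"):
            disabled.add(policy.get("pattern", "").upper())
    return REQUIRED_DISABLED - disabled


if __name__ == "__main__":
    print(require_allowed_image(SAMPLE_PNG), sorted(coders_still_enabled(SAMPLE_POLICY)))
```

Call `require_allowed_image` on the raw upload rather than trusting its file name or extension, and run `coders_still_enabled` against the deployed policy file at start-up so a missing entry fails loudly.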