GraphicsMagick support?

[imreFitos]

GraphicsMagick is very close to ImageMagick but has a few missing options like 'convert -layers'. It would be nice if GraphicsMagick was also supported somehow.

[Daniel-ltw]

👍

Have notice the ImageMagick package full of CVEs on Alpine.

Could allow other users to some alternative.

[saghaulor]

During a pentest at my shop, a researcher uploaded a jpg that was crafted to exponentially consume memory. It effectively created a denial of service on the server. It is somehow exploiting a bug in ImageMagick. The exploit triggers when Paperclip calls the identify command from ImageMagick.

I attempted to replicate the issue with GraphicsMagick and it would not reproduce. Consequently, allowing the ability to switch the underlying 'swiss-army-knife' image tool would be very useful. As the code is currently written, we will have to patch all code that references ImageMagick in order to use GraphicsMagick.

[sidraval]

Thank you for reporting this. Unfortunately, we will be deprecating Paperclip and therefore will not have the bandwidth to address this issue.