Is there a proper fix for DSA-4316?

Questions and postings pertaining to the usage of ImageMagick regardless of the interface. This includes the command-line utilities, as well as the C and C++ APIs. Usage questions are like "How do I use ImageMagick to create drop shadows?".
Post Reply
Posts: 1
Joined: 2018-10-16T18:33:44-07:00
Authentication code: 1152

Is there a proper fix for DSA-4316?

Post by KernelDeimos » 2018-10-16T18:41:11-07:00


Recently a website I maintain stopped working due to a policy update.

My understanding comes from this Stack Overflow post:

As well as this page on ... t=DSA-4316

The modified policy disables reading PDF files, which is an important function for our service. The only way we've found to solve the problem is by removing the policy updates.

Is there a proper way to configure ImageMagick to be protected from this vulnerability while still reading PDF files, or is a proper fix still pending?

User avatar
Posts: 25260
Joined: 2007-07-02T17:14:51-07:00
Authentication code: 1152
Location: Sunnyvale, California, USA

Re: Is there a proper fix for DSA-4316?

Post by fmw42 » 2018-10-16T19:31:31-07:00

Have you tried editing the policy.xml file to uncomment this line

Code: Select all

 <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
and change rights to read|write

Code: Select all

 <policy domain="module" rights="read|write" pattern="{PS,PDF,XPS}" />

Post Reply