Is there a proper fix for DSA-4316?


Post by KernelDeimos » 2018-10-16T18:41:11-07:00

Haiyo,

Recently a website I maintain stopped working due to a policy update.

My understanding comes from this Stack Overflow post: https://stackoverflow.com/questions/52817741/

As well as this page on SecurityDatabase.com: https://www.security-database.com/detai ... t=DSA-4316


The modified policy disables reading PDF files, which is an important function for our service. The only way we've found to solve the problem is by removing the policy updates.

Is there a proper way to configure ImageMagick to be protected from this vulnerability while still reading PDF files, or is a proper fix still pending?


Re: Is there a proper fix for DSA-4316?

Post by fmw42 » 2018-10-16T19:31:31-07:00

Have you tried editing the policy.xml file to uncomment this line:

 <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
and change rights to read|write:

 <policy domain="module" rights="read|write" pattern="{PS,PDF,XPS}" />

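An added example, not part of the thread and not ImageMagick's own code: a small audit that reads a policy.xml and reports which uncommented rules name PS, PDF or XPS, so the effect of an edit like the one above can be checked before deploying it. The sample policy is constructed from the two lines quoted in the thread; the function names are hypothetical, and the `coder` domain is included on the assumption that a rule might be written in that domain rather than `module`.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Constructed sample: the commented-out line and the edited line from the
# thread, wrapped in a <policymap> root as in a policy.xml file.
SAMPLE_POLICY = """<policymap>
  <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
  <policy domain="module" rights="read|write" pattern="{PS,PDF,XPS}" />
</policymap>"""


def expand_braces(pattern):
    """Expand {A,B,C} alternation into separate glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt.strip() + tail))
    return out


def active_rules(policy_xml, fmt, domains=("module", "coder")):
    """Return (domain, rights, pattern) for each uncommented rule matching fmt."""
    rules = []
    # ElementTree drops XML comments, so commented-out rules never appear here.
    for el in ET.fromstring(policy_xml).iter("policy"):
        domain = el.get("domain", "").lower()
        pattern = el.get("pattern", "")
        if domain not in domains:
            continue
        globs = expand_braces(pattern)
        if any(fnmatch.fnmatchcase(fmt.upper(), g.upper()) for g in globs):
            rules.append((domain, el.get("rights", "").lower(), pattern))
    return rules


def audit(policy_xml, formats=("PS", "PDF", "XPS")):
    """Map each format to the rights strings of the active rules naming it."""
    return {f: [r[1] for r in active_rules(policy_xml, f)] for f in formats}


if __name__ == "__main__":
    for fmt, rights in audit(SAMPLE_POLICY).items():
        print(fmt, rights or "no explicit rule")
```

The audit only lists matching rules and their rights; it does not model how ImageMagick resolves several rules that match the same format.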