Does ImageMagick Vulnerability occur in Portable Windows version?

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Post Reply
vlam0120
Posts: 2
Joined: 2016-05-04T17:24:34-07:00
Authentication code: 1151

Does ImageMagick Vulnerability occur in Portable Windows version?

Post by vlam0120 » 2016-05-05T08:34:15-07:00

I'm using a Portable Windows Version 6.9.1.8 (only one convert.exe file), it seems to be this version has not been affected by Vulnerabilities
CVE-2016-3714
CVE-2016-3715
CVE-2016-3718
CVE-2016-3716

When I tried to convert exploit file as https://imagetragick.com/ described, I got an error delegate.xml was not found. Even it showed loading built-in delegate file but at the end, it still showed "UnableToOpenConfigureFile "

..../LoadDelegateCache/1497/Configure
Loading delegate configuration file "built-in" ...
convert.exe: UnableToOpenConfigureFile `delegates.xml' @ warning/configure.c/Get
ConfigureOptions/706.

And no listing directory occurred (I changed command line from "ls" to "dir"). I'm feeling that portable version (or Windows version) has a bug with reading configuration files and fortunately it has not been affected by Vulnerabilities.

Am I correct?

Post Reply