Remote code execution vulnerability in libmagickwand?

The MagickWand interface is a new high-level C API interface to ImageMagick core methods. We discourage the use of the core methods and encourage the use of this API instead. Post MagickWand questions, bug reports, and suggestions to this forum.
Post Reply
chomas
Posts: 1
Joined: 2016-05-18T07:40:25-07:00
Authentication code: 1151

Remote code execution vulnerability in libmagickwand?

Post by chomas »

Sorry if this question has already been answered somewhere but my searches have come up empty. We package VIPS with libmagickwand-dev Depends: libmagickwand5 (= 8:6.7.7.10-6ubuntu3), libmagickcore5-extra (= 8:6.7.7.10-6ubuntu3), libmagickcore-dev (= 8:6.7.7.10-6ubuntu3). Could the https://imagetragick.com vulnerability be exposed?
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Remote code execution vulnerability in libmagickwand?

Post by magick »

See https://www.imagemagick.org/discourse-s ... =4&t=29588. Add the suggested policies and you should be safe.
Post Reply