Once we finish our building and testing procedure, the new version of ImageMagick will be deployed across our entire infrastructure, completely patching all our servers.Īs of this moment, all our servers are protected against this vulnerability. The project developers are already working on a new version, and code that fixes the issue has been committed.
IMAGEMAGICK CROP IMAGE UPDATE
You can think of it as a firewall blocking hacking attempts, that try to utilize this vulnerability. However, to fully patch this vulnerability an update of the ImageMagick service is necessary. After that with just another crop around the image borders the process is complete and I can save the image as. Basically, this means that even though the security issue is not patched yet, there’s a policy that would prevent an attacker from using it. jpg image, use the rotation tool with the following options: 0.2, cubic interpolation and crop with the original image ratio. We applied a change in the ImageMagick policies across all our servers that blocks the exploit. As usual our security team started working on a way to protect our customers immediately and came up with a solution hours after the vulnerability was disclosed. Unfortunately, a serious vulnerability was discovered within the service, that allows an attacker to execute code remotely on your site.
Most of the web applications use it for many different purposes – to crop images, to resize them, to generate different thumbnail sizes, etc. ImageMagick is one of the most widely used services to process images.
0 kommentar(er)
