ImageMagick Input Validation Vulnerability (ImageTragick)
RISK: Extremely High Risk
TYPE: Web services - Web Servers
An input validation vulnerability has been identified in ImageMagick, which could be exploited by a remote attacker to execute arbitrary code on the target system.
The vulnerability could affect web servers, since a common vulnerable configuration is a web server that allows image uploads that are subsequently processed with ImageMagick.
The vulnerability is also known as "ImageTragick" (https://imagetragick.com/).
Note:
- Exploit code for this vulnerability is publicly available.
- The vulnerability is already being exploited in the wild.
Impact
- Remote Code Execution
System / Technologies affected
- ImageMagick versions prior to 6.9.3-10 and 7.0.1-1
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (6.9.3-10 and 7.0.1-1).
- Please also verify files and disable vulnerable filters:
http://www.kb.cert.org/vuls/id/250519#solution
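An added example (not part of the original bulletin or of ImageMagick): a Python pre-check that compares `convert -version` output against the fixed releases listed above and confirms that an upload starts with the magic bytes of an accepted format before it reaches ImageMagick. The accepted formats, function names and sample inputs are assumptions constructed for illustration, as is reading "verify files" as a magic-byte check.

```python
import re

# Fixed releases named in the bulletin, keyed by major version (release branch).
FIXED = {6: (6, 9, 3, 10), 7: (7, 0, 1, 1)}

# Assumption: this upload endpoint accepts only PNG, JPEG and GIF.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def parse_version(banner):
    """Extract (major, minor, patch, release) from `convert -version` output."""
    m = re.search(r"ImageMagick (\d+)\.(\d+)\.(\d+)-(\d+)", banner)
    if m is None:
        raise ValueError("no ImageMagick version found in banner")
    return tuple(int(g) for g in m.groups())

def is_fixed(banner):
    """True if the version is at or above the fixed release of its branch."""
    version = parse_version(banner)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branches older than 6 predate the fix; newer than 7 follow it.
        return version[0] > max(FIXED)
    # Integer tuples, so release 10 sorts after release 9 (strings would not).
    return version >= fixed

def sniff_format(data):
    """Return the accepted format whose magic bytes start `data`, else None."""
    for name, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return name
    return None

# Constructed sample inputs (not taken from a real system).
SAMPLE_BANNER = "Version: ImageMagick 6.9.3-9 Q16 x86_64 2016-04-20"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_TEXT = b"plain text renamed to upload.png"

if __name__ == "__main__":
    print("patched:", is_fixed(SAMPLE_BANNER))
    print("png sample:", sniff_format(SAMPLE_PNG))
    print("text sample:", sniff_format(SAMPLE_TEXT))
```

Distribution packages may carry the fix without changing the upstream version string, so a failing version check is a prompt to read the package changelog rather than a final verdict.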
Vulnerability Identifier
Source
Related Link