News

Serious ImageMagick vulnerabilities discovered

    In case you haven't heard, some serious vulnerabilities in ImageMagick have been discovered:

    There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

    A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
    Source: https://imagetragick.com

    Since Zenphoto may use PHP Imagick for image processing, you might be affected as well, especially if you let third parties upload images to your site.

    Since this is a server-side extension, there is nothing we can do. If you have control of your own server configuration, you might be able to follow some of the advice noted on https://imagetragick.com. If you are on shared hosting, you probably need to wait until this is fixed or Imagick is updated by your host.

    For questions and comments please use the forum or discuss on the social networks.