Critical Security Flaw in ImageMagick (imagetragick)


A vulnerability in a widely deployed image processing library was disclosed on the 5th of May 2016. Within an hour of the disclosure, AppCheck NG was updated to detect the flaw.

From the original advisory:

“There are multiple vulnerabilities in ImageMagick, a package
commonly used by web services to process images. One of the vulnerabilities
can lead to remote code execution (RCE) if you process user submitted images.
The exploit for this vulnerability is being used in the wild.
A number of image processing plugins depend on the ImageMagick library,
including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.”

Full details of the flaw can be found at https://imagetragick.com/