ImageMagick hexed again


A security researcher has found yet more security problems in ImageMagick.

Hanno Böck discovered a heap overflow and an out-of-bounds read bug in the software, which is used by many web firms to process images submitted by users. Both flaws have been fixed, allowing Böck to go public with his find, which he uncovered using fuzzing.

News of the latest bugs comes days after the discovery of server-hijacking holes in the software by CloudFlare and - much worse - of a separate bug that allows images to execute commands on vulnerable systems. ®

