ImageTragick fix – ImageMagick vulnerability on Linux

Open your terminal and type

convert -version

Output:
Version: ImageMagick 6.7.8-9 2019-02-01 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP

convert is one of ImageMagick’s command-line utilities; its -version option reports the installed ImageMagick version.

Your version must be 6.9.3-9 or higher, or the date on the Version line must show a year greater than 2016.

If not, you are vulnerable to some of the vulnerabilities listed on ImageTragick’s website.
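The version check above written as a script, as an added example that is not part of the original post. The function name im_version_ok is hypothetical; it applies the rule stated above to the first line of convert -version output, and goes slightly beyond the sample shown by also accepting a date printed as YYYYMMDD.

```shell
#!/bin/sh
# Added example, not from the original post. im_version_ok is a hypothetical
# helper name. It applies the page's rule to one "Version:" line:
#   exit 0 = version >= 6.9.3-9, or date year greater than 2016
#   exit 1 = neither condition holds
#   exit 2 = no ImageMagick version found on the line
im_version_ok() {
    printf '%s\n' "$1" | awk -v min="6.9.3-9" -v minyear=2017 '
    {
        ver = ""; year = 0
        for (i = 1; i <= NF; i++) {
            # Version token, e.g. 6.7.8-9
            if (ver == "" && $i ~ /^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$/)
                ver = $i
            # Date token: 2019-02-01, or 20190101 as some builds print it
            if ($i ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ ||
                $i ~ /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]$/)
                year = substr($i, 1, 4) + 0
        }
        if (ver == "") exit 2
        # Compare major.minor.micro-patch numerically, field by field,
        # so that 6.10.0-0 ranks above 6.9.3-9.
        split(ver, v, /[.-]/); split(min, m, /[.-]/)
        ge = 1
        for (i = 1; i <= 4; i++) {
            if (v[i] + 0 > m[i] + 0) break
            if (v[i] + 0 < m[i] + 0) { ge = 0; break }
        }
        if (ge || year >= minyear) exit 0
        exit 1
    }'
}

# Usage on a live system:
#   im_version_ok "$(convert -version | head -n 1)" || echo "update ImageMagick"
```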

Updating/Upgrading ImageMagick

Ubuntu

sudo apt-get update
sudo apt-get install --only-upgrade imagemagick

CentOS 7

# Typically, yum update should do the work
yum update

# Just in case you want to completely uninstall the old version & install a newer one, do this:
# Please do not run this on production. Try it on a test server first.
yum remove ImageMagick
yum --enablerepo="remi" install ImageMagick7

Vulnerabilities fixed in ImageMagick’s 2016-04-30 update:

ImageMagick Changelog

CVE-2016-3714 – Code execution
CVE-2016-3718 – SSRF (web request vulnerability)
CVE-2016-3715 – File deletion
CVE-2016-3716 – File moving
CVE-2016-3717 – Local file read

You can look up these CVE IDs in the Changelog or a search engine to find out more about these specific vulnerabilities.
