ImageMagick Vulnerability Handled?

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Locked
sathishsbcmca10
Posts: 1
Joined: 2019-07-28T21:57:50-07:00
Authentication code: 1152

ImageMagick Vulnerability Handled?

Post by sathishsbcmca10 »

Hi all
Can i know whether the latest version of ImageMagick-7.0.8-57-Q16-x64-dll.exe handled all the latest vulnerabilities to load the files safely ?

If it is handled,may i know the standards followed to handle the vulnerabilities?

Your response is much appreciated.. :)

Thanks in Advance..

User avatar
fmw42
Posts: 26383
Joined: 2007-07-02T17:14:51-07:00
Authentication code: 1152
Location: Sunnyvale, California, USA

Re: ImageMagick Vulnerability Handled?

Post by fmw42 »

Your question is way too broad! What vulnerabilities specifically have you concerned.

Have you looked at the policy.xml file and set those to restrict anything that concerns you? The policy.xml file is there for you to avoid any vulnerabilities. It is typically set very strict. See https://imagemagick.org/script/resources.php

User avatar
magick
Site Admin
Posts: 11254
Joined: 2003-05-31T11:32:55-07:00

Re: ImageMagick Vulnerability Handled?

Post by magick »

We receive vulnerability reports from the Bugs forum, Git issues, and OSS-fuzz which continuously tries to trigger potential vulnerabilities and we actively repair any vulnerabilities we confirm. In addition, we release often to ensure the user community has access to the latest security patches. Finally, ImageMagick best practices strongly encourages you to configure a security policy that suits your local environment.
See https://imagemagick.org/script/security-policy.php.

Locked