ImageMagick DrawImage Function Denial of Service Vulnerability (CVE-2016-4564)

ImageMagick DrawImage Function Denial of Service Vulnerability (CVE-2016-4564)
ImageMagick DrawImage Function Denial of Service Vulnerability (CVE-2016-4564)

Release date:
Updated on:

Affected Systems:

ImageMagick ImageMagick < 6.9.4-0
ImageMagick ImageMagick 7.x < 7.0.1-2

Description:

CVE (CAN) ID: CVE-2016-4564

ImageMagick is an open-source image viewing and editing tool on Unix/Linux platforms.

ImageMagick <6.9.4-0, 7.x <7.0.1-2, MagickCore/draw. in c, the DrawImage function is used to locate the function call error when the next tag is located. By constructing files, remote attackers can exploit this vulnerability to cause DOS.

<* Source: ImageMagick
　
*>

Suggestion:

Vendor patch:

ImageMagick
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.imagemagick.org/script/changelog.php

Https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950

Use ImageMagick to draw a three-color schematic diagram

In Linux, PHP supports ImageMagick and MagicWandForPHP.

Image Magic with ImageMagick in Linux

Installation of ImageMagick and MagicWand For PHP in Linux

Install ImageMagick and JMagick in Linux

For details about ImageMagick, click here
ImageMagick: click here

This article permanently updates the link address: