Security Alerts & News
by Tymoteusz A. Góral

#724 ImageMagick vulnerability allows for remote code execution, now patched
ImageMagick is a popular software suite that is used to display, convert, and edit images. On May 3, security researchers publicly disclosed multiple vulnerabilities in this open-source image processing suite, one of which could potentially allow remote attackers to take over websites.

This suite can read and write images in over 200 formats including PNG, JPEG-2000, GIF, TIFF, DPX, EXR, WebP, PostScript, PDF, and SVG. Content management systems frequently use it to process any images before they are shown to the user.

The developers of ImageMagick have released updated versions of their software to fix these vulnerabilities. One vulnerability, CVE-2016-3714, allows for remote code execution on the server. This could be used to compromise Web servers and take over websites. Reports indicate that this vulnerability is already being exploited in the wild. Other reported vulnerabilities allow for HTTP GET requests to be made from the server and for files to be read, moved, or deleted. Proof-of-concept code for these vulnerabilities has been made available by the researchers.
