Magick++ security issue?

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Post Reply
marc1
Posts: 1
Joined: 2016-05-05T07:04:11-07:00
Authentication code: 1151

Magick++ security issue?

Post by marc1 »

Does the C++ API to ImageMagick (Magick++) suffer from the same security flaws the command line version does?

My C++ windows application utilises the Magick++ library to convert various image formats. This is done in server side code of a web application.

The policy.xml file doesn't currently have any delegates, coders, filters, paths, or resources defined.
The delegates.xml file does not have an HTTPS decode defined.

I have no requirement to support MVG, MSL, or HTTPS.

Any advice would be appreciated.
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Magick++ security issue?

Post by magick »

Yes, Magick++ is affected. See https://www.imagemagick.org/discourse-s ... =4&t=29588 and add the recommended policies to your policy.xml configuration file. This should effectively prevent the recent reported vulnerabilities.
Post Reply