You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd like to ensure that an attacker cannot execute arbitrary code on my server by (for example) uploading a carefully crafted Postscript with a JPEG file extension. Is there a way to take advantage of the ImageMagick feature that forces an input file format by specifying a module prefix on the filename, such as "jpg:some-file.jpg"? This is suggested as a security precaution for both ImageMagick (see "Other Security Considerations") and GraphicsMagick (see "Safe Use Of The Software", item 6).
The text was updated successfully, but these errors were encountered:
I'd like to ensure that an attacker cannot execute arbitrary code on my server by (for example) uploading a carefully crafted Postscript with a JPEG file extension. Is there a way to take advantage of the ImageMagick feature that forces an input file format by specifying a module prefix on the filename, such as "jpg:some-file.jpg"? This is suggested as a security precaution for both ImageMagick (see "Other Security Considerations") and GraphicsMagick (see "Safe Use Of The Software", item 6).
The text was updated successfully, but these errors were encountered: