ImageMagick

Pierluigi Paganini February 02, 2023
Experts warn of two flaws in popular open-source software ImageMagick

Experts disclosed details of two security flaws in the open-source software ImageMagick that could potentially lead to information disclosure or trigger a DoS condition. Researchers at Metabase Q discovered a couple of security vulnerabilities in the open-source image manipulation software ImageMagick that could potentially lead to information disclosure or trigger a Denial of Service (DoS) condition (CVE-2022-44268, CVE-2022-44267). ImageMagick is […]

Pierluigi Paganini May 23, 2017
Yahoobleed – Yahoo retired ImageMagick library after flaw leaked private e-mail attachments and credentials

Yahoobleed – Yahoo retired the ImageMagick library after flaw leaked sensitive data, including credentials and e-mail attachments. Supply chain risks are realized when a negative impact to one of your suppliers has a negative impact on your business. If you are a manufacturer, an outage to a component supplier could prevent you from manufacturing; if you […]

Pierluigi Paganini January 18, 2017
Hacker found a way to hack Facebook by exploiting the ImageMagick flaw

The bug hunter Andrew Leonov has described how to exploit an ImageMagick flaw to remotely execute code on a Facebook server. The hacker Andrew Leonov (@4lemon) has described how to exploit the so-called ImageMagick vulnerability to remotely execute code on a Facebook server. The ImageMagick flaw, tracked as CVE-2016-3714, affects the popular image manipulation software, ImageMagick. The flaw could […]

Pierluigi Paganini May 11, 2016
The ImageMagick flaw is being exploited in the wild

The recently discovered ImageMagick critical vulnerability (CVE-2016-3714) is being exploited in the wild for reconnaissance. The security researcher John Graham-Cumming from CloudFlare asserts that his firm recently discovered a critical vulnerability, code named CVE-2016-3714, in the popular image manipulation software, ImageMagick. The flaw could be exploited by hackers to take over websites running the widely used […]