ImageMagick is a tool used to convert, edit, compose bitmap images. It has libraries available for common programming languages like PHP, .net, Python etc.

At this moment the latest version of ImageMagick ( ImageMagick-7.0.1 ) allows attacker to execute his own command remotely.

We can prevent this venerbility by preventing HTTPS, TEXT. MVG etc in the policy.xml file. Below are the entries we need to add in the mentioned file. Also we can verify the same using the command “convert -list policy”.

 
 <policy domain="coder" rights="none" pattern="EPHEMERAL" />
 <policy domain="coder" rights="none" pattern="HTTPS" />
 <policy domain="coder" rights="none" pattern="MVG" />
 <policy domain="coder" rights="none" pattern="MSL" />
 <policy domain="coder" rights="none" pattern="TEXT" />
 <policy domain="coder" rights="none" pattern="SHOW" />
 <policy domain="coder" rights="none" pattern="WIN" />
 <policy domain="coder" rights="none" pattern="PLT" />