A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.
ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security vulnerability that puts sites using the software at risk for malicious code to be executed onsite. Security experts consider exploitation to be so easy they’re calling it “trivial,” and exploits are already circulating in the wild. The biggest risk is to sites that allows users to upload their own image files.
Information about the vulnerability was made public Tuesday afternoon by Ryan Huber, a developer and security researcher, who wrote that he had little choice but to post about the exploit.