There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images...

imagetragick.com/
archive.is/IbHEp

will look lame as fuck on this guy's resume

don't we use that to generate thumbnails for Holla Forums?

Looks like there are multiple backends, one of which is IM
github.com/ctrlcctrlv/infinity/blob/727190d9c3018e8ff0bb884c73fbc97d71da145a/inc/image.php#L168

I bet these fucktards still think XFree86 4.4.0 and OpenOffice.org 3 are current.

Looks like the PoC is embargoed so here are the diffs

github.com/ImageMagick/ImageMagick/blob/e93e339c0a44cec16c08d78241f7aa3754485004/MagickCore/delegate.c#L99

github.com/ImageMagick/ImageMagick/commit/06c41aba39b97203f6b9a0be6a2ccf8888cddc93

It's 2 times faster, but with 50% of the features. Tough choice.

Can someone make Holla Forums play where da hood at on infinite repeat?

Luckily, we have quadratic security

I saw this at work today, and checked that we do indeed have ImageMagick on all our application servers. I spoke to my boss, who said we don't need to apply a patch.

This is the day after my coworker kept reminding them about the GitLab vulnerability, and they didn't update. That coworker is the only guy who actually patches the TLS vulnerabilities when they come up, and he was just fired today.

sorry for the blog

Fuck off Holla Forums

That's tragick.

Oh gee thanks, now I know those are include definitions!

I don't think this would affect it. It's a bug that happens when you feed ImageMagick files it doesn't support, and Holla Forums checks the file type before it decides whether or not to accept the file and whether or not to generate a thumbnail.

lol

ImageMagick came with my installation.

Is there any other command line image processing tool that comes by default with a lot of Linux distros?

This is only a problem if you think you might accidentally process untrustworthy non-image files while thinking they're images between now and when a fix is released.

pastebin.com/raw/aE4sKnCg

...

Time to formally quit. Be sure to make a nice recorded presentation of why you are inclined to resign, with citations and competitors you have ready to hire you.

Would make a nice thread about.

Hint: Imgur, Postimage, Pinterest use gm for many reasons, including this

They're called niggers, user
The correct word is "apartheid"

Why waste time bothering Holla Forums when we can bother a group of people far more sensitive?

Where do you work, perhaps your boss just needs an object lesson?