{"id":12142,"date":"2016-05-06T15:04:30","date_gmt":"2016-05-06T15:04:30","guid":{"rendered":"https:\/\/www.heartinternet.uk\/blog\/?p=12142"},"modified":"2016-05-06T15:04:30","modified_gmt":"2016-05-06T15:04:30","slug":"vulnerability-discovered-imagemagick","status":"publish","type":"post","link":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/","title":{"rendered":"Vulnerability discovered in ImageMagick"},"content":{"rendered":"<p>There\u2019s been a major vulnerability discovered in ImageMagick \u2013 known officially as <a href=\"https:\/\/access.redhat.com\/security\/vulnerabilities\/2296071\" target=\"_blank\">CVE-2016-3714<\/a>, or unofficially as ImageTragick.  You can read more about this vulnerability in the Ars Technica article <a href=\"http:\/\/arstechnica.com\/security\/2016\/05\/easily-exploited-bug-exposes-huge-number-of-sites-to-code-execution-attacks\/\">\u201cHuge number of sites imperilled by critical image-processing vulnerability\u201d<\/a>, on the website <a href=\"https:\/\/imagetragick.com\/\" target=\"_blank\">ImageTragick<\/a>, or on the <a href=\"http:\/\/www.openwall.com\/lists\/oss-security\/2016\/05\/03\/18\" target=\"_blank\">Openwall mailing list<\/a>.<\/p>\n<p>ImageMagick is a common piece of software used to edit, resize, and manipulate images.  Many applications, including WordPress, use ImageMagick to upload and edit images, and many web servers have ImageMagick installed as a convenient way to provide image manipulation to their users.<\/p>\n<p>Unfortunately, this vulnerability is very easy to exploit \u2013 any image uploader that uses ImageMagick to edit its files can be affected.  An attacker uploads a file that has the name of an image (e.g. \u201cfile.jpg\u201d) but contains information that can access files on your server or cause even more damage.  
You can read about what attackers can do in The Register\u2019s article <a href=\"http:\/\/www.theregister.co.uk\/2016\/05\/04\/imagemagick_exploits_in_the_wild\/\" target=\"_blank\">\u201cServer-jacking exploits for ImageMagick are so trivial, you\u2019ll scream\u201d<\/a>.<\/p>\n<p>While ImageMagick has not yet been fully patched, there is a convenient way for system administrators to temporarily protect against these exploits.  You can read more about it on <a href=\"https:\/\/www.imagemagick.org\/discourse-server\/viewtopic.php?f=4&#038;t=29588\" target=\"_blank\">the ImageMagick forums<\/a>.<\/p>\n<p>To do this, open the policy.xml file in your ImageMagick directory, and add these five lines between <code>&lt;policymap&gt;<\/code> and <code>&lt;\/policymap&gt;<\/code>:<\/p>\n<p><code>&lt;policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" \/&gt;<br \/>\n&lt;policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" \/&gt;<br \/>\n&lt;policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" \/&gt;<br \/>\n&lt;policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" \/&gt;<br \/>\n&lt;policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" \/&gt;<br \/>\n<\/code><\/p>\n<p>Once you\u2019ve added these lines, you can verify the change by running this command:<\/p>\n<p><code>convert -list policy<\/code><\/p>\n<p>This will show you the rights in effect for each of the patterns above.<\/p>\n<p>We have adjusted policy.xml on our servers.  
This means that all shared hosting customers and resellers are protected.<\/p>\n<p>If you have ImageMagick on your self-managed VPS or Dedicated Server, we heavily recommend you apply these changes or disable ImageMagick altogether.<\/p>\n<p>If you have further questions, please <a href=\"https:\/\/customer.heartinternet.uk\/manage\/ticket.cgi\" target=\"_blank\">raise a ticket with our Customer Services team<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s been a major vulnerability discovered in ImageMagick \u2013 known officially as CVE-2016-3714. There is a way for system administrators to protect against this vulnerability.<\/p>\n","protected":false},"author":2,"featured_media":9842,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,14,23,25,29],"tags":[],"class_list":{"0":"post-12142","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-dedicated-servers","8":"category-hybrid-servers","9":"category-vps","10":"category-web-hosting","11":"category-your-website"},"yoast_head_json":{"title":"Vulnerability discovered in ImageMagick - Heart Internet","description":"There has been a major vulnerability discovered in ImageMagick. Here is the latest information we have on it and how you can protect against it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/","og_locale":"en_GB","og_type":"article","og_title":"Vulnerability discovered in ImageMagick - Heart Internet","og_description":"There has been a major vulnerability discovered in ImageMagick. Here is the latest information we have on it and how you can protect against it.","og_url":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/","og_site_name":"Heart Internet","article_publisher":"https:\/\/www.facebook.com\/heartinternet\/","article_published_time":"2016-05-06T15:04:30+00:00","og_image":[{"width":1620,"height":720,"url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/09\/applications-background.jpg","type":"image\/jpeg"}],"author":"Eliot Chambers-Ostler","twitter_card":"summary_large_image","twitter_creator":"@heartinternet","twitter_site":"@heartinternet","twitter_misc":{"Written by":"Eliot Chambers-Ostler","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#article","isPartOf":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/"},"author":{"name":"Eliot Chambers-Ostler","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28"},"headline":"Vulnerability discovered in 
ImageMagick","datePublished":"2016-05-06T15:04:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/"},"wordCount":303,"commentCount":0,"publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/09\/applications-background.jpg","articleSection":["Dedicated Servers","Hybrid Servers","VPS","Web Hosting","Your Website"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/","url":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/","name":"Vulnerability discovered in ImageMagick - Heart Internet","isPartOf":{"@id":"https:\/\/heartblog.victory.digital\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#primaryimage"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/09\/applications-background.jpg","datePublished":"2016-05-06T15:04:30+00:00","description":"There has been a major vulnerability discovered in ImageMagick. 
Here is the latest information we have on it and how you can protect against it.","breadcrumb":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#primaryimage","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/09\/applications-background.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/09\/applications-background.jpg","width":1620,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/www.heartinternet.uk\/blog\/vulnerability-discovered-imagemagick\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.heartinternet.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerability discovered in ImageMagick"}]},{"@type":"WebSite","@id":"https:\/\/heartblog.victory.digital\/#website","url":"https:\/\/heartblog.victory.digital\/","name":"Heart Internet","description":"","publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heartblog.victory.digital\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/heartblog.victory.digital\/#organization","name":"Heart 
Internet","url":"https:\/\/heartblog.victory.digital\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","width":992,"height":252,"caption":"Heart Internet"},"image":{"@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/heartinternet\/","https:\/\/x.com\/heartinternet","https:\/\/www.linkedin.com\/company\/heart-internet-ltd"]},{"@type":"Person","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28","name":"Eliot Chambers-Ostler","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","caption":"Eliot 
Chambers-Ostler"},"url":"https:\/\/www.heartinternet.uk\/blog\/author\/eliot-chambers-ostler\/"}]}},"_links":{"self":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/12142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/comments?post=12142"}],"version-history":[{"count":0,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/12142\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media\/9842"}],"wp:attachment":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media?parent=12142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/categories?post=12142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/tags?post=12142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}