Is Redmine affected by the ImageTragick security flaw?

Added by Simen Endsjø almost 8 years ago

There are multiple vulnerabilities in ImageMagick, a package commonly used by
web services to process images. One of the vulnerabilities can lead to remote
code execution (RCE) if you process user submitted images. The exploit for this
vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library,
including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and
nodejs’s imagemagick.

Replies (2)

RE: Is Redmine affected by the ImageTragick security flaw? - Added by Angelo Bertolli almost 8 years ago

Yes, if you have an issue tracker with attachments. Someone uploads an image and then rmagick is used to modify the image (e.g. create a thumbnail) could allow them to execute code on your system.

RE: Is Redmine affected by the ImageTragick security flaw? - Added by Toshi MARUYAMA almost 8 years ago

http://www.redmine.org/news/106

(1-2/2)

Project

General

Profile

Redmine

Is Redmine affected by the ImageTragick security flaw?

Replies (2)

RE: Is Redmine affected by the ImageTragick security flaw? - Added by Angelo Bertolli almost 8 years ago

RE: Is Redmine affected by the ImageTragick security flaw? - Added by Toshi MARUYAMA almost 8 years ago