On May 3rd the ImageMagick security team posted on their blog a possible remote code execution vulnerability involving specially crafted images. For those that haven’t seen the news yet, ImageMagick is a widely used open source program for converting and managing images. You might use it, for example, if you were a website that lets users upload their own profile picture. Those users could upload a specially crafted image that would be executed by the ImageMagick application and potentially cause a remote code execution on the host.
Shortly after ImageMagick posted on their blog, the vulnerability was discussed in various online mailing lists and forums.
Read more “No Magick Here: How to Detect ImageTragick (CVE-2016–3714) With Threat Stack”