ImageMagick | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed details of two security flaws in the open source  ImageMagick software  that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were  addressed  in ImageMagick  version 7.1.0-52 , released in November 2022. A brief description of the flaws is as follows - CVE-2022-44267  - A DoS vulnerability that arises when parsing a PNG image with a filename that's a single dash ("-") CVE-2022-44268  - An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image That said, an attacker must be able to upload a malicious image to a website using ImageMagick so as to weaponize the flaws remotely. The specially crafted image, for its part, can be created by inserting a  text chunk  that specifies some metadata of th...

After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This popular image-processing library made headline last year with the discovery of the then-zero-day vulnerability, dubbed ImageTragick , which allowed hackers to execute malicious code on a Web server by uploading a maliciously-crafted image. Now, just last week, security researcher Chris Evans demonstrated an 18-byte exploit to the public that could be used to cause Yahoo servers to leak other users' private Yahoo! Mail image attachments. 'Yahoobleed' Bug Leaks Images From Server Memory The exploit abuses a security vulnerability in the ImageMagick library, which Evans dubbed...

A serious zero-day vulnerability has been discovered in ImageMagick , a widely popular software tool used by a large number of websites to process user's photos, which could allow hackers to execute malicious code remotely on servers. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The ImageMagick tool is supported by many programming languages, including Perl, C++, PHP, Python, Ruby and is being deployed by Millions of websites, blogs, social media platforms, and popular content management systems (CMS) such as WordPress and Drupal. Slack security engineer Ryan Huber disclosed a zero-day flaw (CVE-2016–3714) in the ImageMagick image processing library that allows a hacker to execute malicious code on a Web server by uploading maliciously-crafted image. For example, by uploading a booby-trapped selfie to a web service that uses ImageMagick, an attacker can execute malicious code on the website...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...