ImageMagick Heap Overflow

HIGH (7.5)

Threat Intelligence

High Risk - Exploits exist
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: GitHub PoC


What is it?

ImageMagick is a software suite used to create, edit, compose, or convert bitmap images. The vulnerability in ImageMagick allows an attacker to execute arbitrary code on your system by manipulating image files, potentially leading to unauthorized access and data theft.

Am I affected?

You're affected if you use ImageMagick. Affected versions: 7.1.2, 9, 10. If you don't recognise this software, you're probably not affected.

Affected Packages

maven: org imagemagick:imagemagick-core

How to fix

Upgrade to ImageMagick version 7.1.2-10.
Maven: Update your dependency in pom.xml to org imagemagick:imagemagick-core
If you can't upgrade immediately:
- Disable the vulnerable parser by setting the TIM format (the -tim-format option) when running ImageMagick commands
- Use a different image processing library or tool