On 2018-08-23 09:06, Mick wrote: > * For security reasons, a policy.xml file was installed in > * /etc/ImageMagick-7 which will prevent the usage of the following > * coders by default: > * > * - PS > * - EPS > * - PDF > * - XPS
IM spawns ghostscript for these formats, and ghostscript is full of holes (so to speak). See following post and its descendants: http://www.openwall.com/lists/oss-security/2018/08/21/2 -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
