Ex Libris Knowledge Center
Rosetta

ImageMagick Security Issue CVE-2016-3714 "ImageTragick"
ImageMagick is a third-party application that Rosetta uses to manipulate image files. This article explains how to mitigate the ImageMagick security issue CVE-2016-3714, known as "ImageTragick".

Explanation of the threat

This vulnerability can lead to remote code execution if specially constructed image files are submitted.

See: https://imagetragick.com/

In most cases Rosetta already mitigates the threat, because its validation stack ensures that submitted image files carry the appropriate "Magic Byte" sequence for their declared format. To mitigate the threat completely, however, the vulnerable coders must be disabled in the ImageMagick configuration.

How to disable the vulnerable coders

Add the following <policy> lines inside the existing <policymap> element (the root element) of this configuration file, so that the file keeps a single <policymap> root:

/exlibris/product/ImageMagick-6.6.1-10/lib/ImageMagick-6.6.1/config/policy.xml

<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>
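Two checks an administrator can run after editing the file, given here as an added example that is not code from this article or from Rosetta: check_policy confirms that every coder listed above is set to rights="none" in policy.xml, and magic_ok performs the kind of magic-byte test that the article credits to Rosetta's validation stack (a text-format file renamed with an image extension fails it). The policy path defaults to the one named above and can be overridden with the POLICY_FILE variable (an assumption of this script); the sample policy files and sample images are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added verification helpers; not code from the Ex Libris article or from
# Rosetta. Assumes a POSIX shell with grep, head, od, tr and mktemp.
# POLICY_FILE is this script's own variable; it defaults to the path the
# article names.

POLICY_FILE="${POLICY_FILE:-/exlibris/product/ImageMagick-6.6.1-10/lib/ImageMagick-6.6.1/config/policy.xml}"

# The coders the article's policy.xml fragment sets to rights="none".
IMAGETRAGICK_CODERS="EPHEMERAL URL HTTPS MVG MSL TEXT SHOW WIN PLT"

# check_policy FILE
# Returns 0 when FILE contains a rights="none" coder policy for every coder
# above; otherwise lists the still-enabled coders on stderr and returns 1.
check_policy() {
    file="$1"
    missing=""
    for coder in $IMAGETRAGICK_CODERS; do
        # Textual match for <policy domain="coder" rights="none" pattern="CODER" .../>
        # using the attribute order the article's fragment uses.
        if ! grep -Eq "<policy[[:space:]]+domain=\"coder\"[[:space:]]+rights=\"none\"[[:space:]]+pattern=\"$coder\"" "$file" 2>/dev/null; then
            missing="$missing $coder"
        fi
    done
    if [ -n "$missing" ]; then
        echo "coders still enabled in $file:$missing" >&2
        return 1
    fi
    return 0
}

# magic_ok FILE
# Returns 0 when FILE begins with the magic bytes of JPEG, PNG, GIF or TIFF,
# the kind of check the article says Rosetta's validation stack performs.
magic_ok() {
    hex=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        ffd8ff*)             return 0 ;;  # JPEG start-of-image marker
        89504e470d0a1a0a*)   return 0 ;;  # PNG signature
        474946383[79]61*)    return 0 ;;  # GIF87a / GIF89a
        49492a00*|4d4d002a*) return 0 ;;  # TIFF, little / big endian
        *)                   return 1 ;;
    esac
}

# Constructed sample files so the script runs offline (not real Rosetta data).
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/policy-complete.xml" <<'EOF'
<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>
EOF
cat > "$TMP/policy-partial.xml" <<'EOF'
<policymap>
  <policy domain="coder" rights="none" pattern="MVG" />
</policymap>
EOF
printf '\377\330\377\340\000\020JFIF' > "$TMP/real.jpg"   # JPEG/JFIF header
printf '\211PNG\r\n\032\n'            > "$TMP/real.png"   # PNG signature
printf 'not really an image\n'       > "$TMP/fake.jpg"   # text renamed to .jpg

# Stand-alone run: check the live policy file when present, else the samples.
if [ -r "$POLICY_FILE" ]; then
    check_policy "$POLICY_FILE" && echo "all ImageTragick coders disabled in $POLICY_FILE"
else
    check_policy "$TMP/policy-complete.xml" && echo "sample complete policy: ok"
    check_policy "$TMP/policy-partial.xml"  || echo "sample partial policy: rejected (expected)"
fi
magic_ok "$TMP/real.jpg" && echo "real.jpg: magic bytes ok"
magic_ok "$TMP/fake.jpg" || echo "fake.jpg: rejected, no image magic bytes"

# Optional: ask the ImageMagick binary which policies it actually loaded.
if command -v convert >/dev/null 2>&1; then
    convert -list policy 2>/dev/null || true
fi
```

The grep in check_policy is a textual check of the file, so it only recognises the attribute order used in the fragment above; the optional `convert -list policy` call at the end shows what the ImageMagick binary really loaded, which is the more authoritative confirmation. Because policy.xml is read when an ImageMagick process starts, the new policies take effect for processes started after the edit.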
    
© Copyright 2025 Ex Libris Knowledge Center