Earlier this month, researchers revealed that the popular image-processing suite ImageMagick is plagued by a serious vulnerability that allows attackers to execute arbitrary code on vulnerable servers by uploading a specially crafted image file. The flaw, tracked as CVE-2016-3714 and dubbed “ImageTragick,” can be exploited to target websites that allow users to upload images, such as profile pictures.
View full story
ORIGINAL SOURCE: Security Week