ImageMagick and Ghostscript: the path from SVG to RCE

New research demonstrates how a specially crafted SVG file can lead to arbitrary code execution when processed by ImageMagick, which relies on Ghostscript to render PostScript content. The vulnerability exists in the default configuration, where ImageMagick automatically delegates processing to Ghostscript, allowing an attacker to write arbitrary files and achieve remote code execution.
Exploitation requires no elevated privileges — uploading a malicious SVG file through a standard image resize or conversion feature is sufficient. As a result, an attacker can execute commands with the privileges of the image-processing service, potentially leading to privilege escalation and full server compromise.
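
An added example (not from the research or from either project): a small audit of an ImageMagick `policy.xml` that reports whether coders handed to Ghostscript are denied. The coder list and the sample policy are assumptions constructed for this example; the page does not say which policy entries cover the SVG path it describes.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Assumption of this example: coder names commonly rendered through Ghostscript.
GS_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")

# Constructed sample policy.xml; the lowercase "eps" entry is a deliberate mistake.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,XPS}"/>
  <policy domain="coder" rights="none" pattern="eps"/>
  <policy domain="coder" rights="read|write" pattern="PDF"/>
</policymap>"""


def expand_braces(pattern):
    """Expand {A,B,C} alternation into plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [p for alt in m.group(1).split(",")
            for p in expand_braces(head + alt + tail)]


def audit_policy(policy_xml, coders=GS_CODERS):
    """Return {coder: 'blocked' | 'allowed'} for each coder name."""
    # Conservative rule: blocked only if a matching entry has rights="none"
    # and no matching entry grants read or write, so entry order is irrelevant.
    entries = []
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue
        rights = {r.strip().lower() for r in pol.get("rights", "").split("|")}
        entries.append((expand_braces(pol.get("pattern", "")), rights))
    result = {}
    for coder in coders:
        # Policy patterns are case sensitive: "eps" does not cover coder "EPS".
        hits = [r for pats, r in entries
                if any(fnmatch.fnmatchcase(coder, p) for p in pats)]
        denied = any(r == {"none"} for r in hits)
        granted = any(r & {"read", "write"} for r in hits)
        result[coder] = "blocked" if denied and not granted else "allowed"
    return result


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

On the sample, `EPS` and `PDF` come back as allowed: the first because of the lowercase pattern, the second because an entry grants read and write.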
Products: Ghostscript, ImageMagick
Published: 2026-05-07, 10:48