TL;DR: There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.


Ryan Huber of Slack Security reports the existence of multiple vulnerabilities in ImageMagic in a post on ImageTragick. He writes:

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.

If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one these two things (but preferably both!)

This may interest you:   Intrusion Detection with Windows Event ID's