ImageTragick issue: how to verify images and documents to protect from renamed malicious files - ByteScout

Yesterday, a critical security flaw was revealed in the popular ImageMagick image processing package. The issue allows code execution by passing a specially crafted image. This is a serious threat: any service that relies on ImageMagick should protect its installation as soon as possible.

The site dedicated to this “ImageTragick” issue advises: “If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!)”:

  1. Use a policy file to disable the vulnerable ImageMagick coders (see the detailed instructions and how to verify that the policies are set correctly).
  2. Verify that all uploaded images correspond to the expected file formats by checking the file header.

To verify uploaded images and documents you can use one of the following approaches:

What about JavaScript, or the case where you don’t want to install an additional module, or need to check the file before uploading it to your server? ByteScout Cloud API provides a solution for these cases with its /file/verify REST Web API.

Example:

curl https://api.pdf.co/api/v1/file/verify \
-d apiKey=YOUR_API_KEY \
-d expected=PNG \
-d simple=true \
-d input=https://upload.wikimedia.org/wikipedia/commons/b/b4/JPEG_example_JPG_RIP_100.jpg

As the passed URL points to a JPG image, the request will return:

invalid, detected jpg

If the expected type matches the actual format, the request returns the simple short response: ok

You may also request a detailed response that includes the detected file type and the detected MIME type.

Example:

curl https://api.pdf.co/api/v1/file/verify \
-d apiKey=YOUR_API_KEY \
-d expected=PNG \
-d input=https://upload.wikimedia.org/wikipedia/commons/b/b4/JPEG_example_JPG_RIP_100.jpg

The response to this request will be the following JSON:

{
  "mime": "image/jpeg",
  "detected": "jpg",
  "expected": "png",
  "success": false,
  "filename": "JPEG_example_JPG_RIP_100.jpg"
}

With the Cloud API you can verify image files and PDF files before processing them further, protecting your service from malicious scripts or files masquerading as images or documents.
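The header check recommended above (item 2) can also be done locally before a file ever reaches ImageMagick. The following is an added example, not ByteScout code and not the /file/verify implementation: it reads the leading bytes of the upload, ignores the file extension entirely, and returns a result in the same shape as the JSON response shown above. The signature table and the type aliases are assumptions about which formats the upload endpoint accepts.

```python
# Constructed signature table: leading bytes, detected type, MIME type.
# Standard file signatures; which formats to accept is an assumption.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", "image/png"),
    (b"\xff\xd8\xff", "jpg", "image/jpeg"),
    (b"GIF87a", "gif", "image/gif"),
    (b"GIF89a", "gif", "image/gif"),
    (b"%PDF-", "pdf", "application/pdf"),
]
# Assumed alias so "expected=JPEG" and "expected=JPG" mean the same thing.
ALIASES = {"jpeg": "jpg"}


def detect(data: bytes):
    """Return (detected type, MIME type) from the file header, or (None, None)."""
    for magic, name, mime in SIGNATURES:
        if data.startswith(magic):
            return name, mime
    return None, None


def verify(data: bytes, expected: str, filename: str = "") -> dict:
    """Compare the real header with the declared format; the extension is ignored."""
    want = expected.lower()
    want = ALIASES.get(want, want)
    detected, mime = detect(data)
    return {
        "mime": mime,
        "detected": detected,
        "expected": want,
        "success": detected == want,
        "filename": filename,
    }


def simple_response(result: dict) -> str:
    """Short form of the result, like simple=true: 'ok' or an 'invalid, ...' reason."""
    if result["success"]:
        return "ok"
    if result["detected"] is None:
        return "invalid, unknown format"
    return f"invalid, detected {result['detected']}"


if __name__ == "__main__":
    # Constructed sample: JPEG bytes uploaded under a .png file name.
    jpeg_bytes = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    print(simple_response(verify(jpeg_bytes, "PNG", "renamed.png")))
```

A file whose header matches none of the known signatures (for example a text-based script renamed to .png) is rejected as an unknown format rather than passed on to the image library.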
