This vulnerability affects applications that:

* Use the ImageMagick handler for image processing (`imagick` as the image library)
* AND either:
  * Allow file uploads with user-controlled filenames and process the uploaded images with the `resize()` method
  * OR use the `text()` method with user-controlled text content or options

An attacker can:

* Upload a file with a malicious filename containing shell metacharacters that are executed when the image is processed
* OR provide malicious text content or options that are executed when text is added to an image
Upgrade to v4.6.2 or later.
If you cannot upgrade immediately:

* Use the GD image handler (`gd`, the default handler), which is not affected by either vulnerability.
* Do not use the client-supplied filename for the stored file: call `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames.
* Sanitize text passed to `text()`, for example with `preg_replace('/[^a-zA-Z0-9\s.,!?-]/', '', $text)`, and validate/restrict text options.

Severity: CRITICAL. CWE-78 (OS Command Injection). GitHub reviewed: 2025-07-28. NVD published: 2025-07-28.
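The following controller is an added example, not code from the CodeIgniter4 project or from this advisory. It shows the exposed pattern the advisory describes (the client-supplied upload name flows into a path that the `imagick` handler passes to ImageMagick, and request data flows into `text()`) next to a hardened version that applies the workarounds above: a server-generated filename via `store()`, the `gd` handler, the advisory's `preg_replace()` filter on caption text, and a fixed allowlist for text options. The controller name `Avatar`, the `avatars` upload folder and the `caption`/`position` form fields are hypothetical.

```php
<?php
// Added example (not part of the CodeIgniter4 project or the advisory).
// Controller name, upload folder and form field names are hypothetical.

namespace App\Controllers;

use CodeIgniter\Controller;
use Config\Services;

class Avatar extends Controller
{
    // EXPOSED: the client-supplied filename is kept as-is and becomes part of
    // the path that the imagick handler hands to the ImageMagick command line.
    public function uploadUnsafe()
    {
        $file = $this->request->getFile('avatar');
        if ($file === null || ! $file->isValid()) {
            return $this->response->setStatusCode(400)->setBody('no file');
        }

        $name = $file->getClientName();          // attacker-controlled
        $file->move(WRITEPATH . 'uploads/avatars', $name);
        $path = WRITEPATH . 'uploads/avatars/' . $name;

        // Caption and options are passed straight through from the request.
        $caption = (string) $this->request->getPost('caption');
        $options = (array) $this->request->getPost('text_options');

        Services::image('imagick')
            ->withFile($path)
            ->resize(200, 200, true)
            ->text($caption, $options)
            ->save($path);

        return 'ok';
    }

    // HARDENED: server-generated random name, GD handler, filtered caption,
    // and text options restricted to a fixed allowlist.
    public function uploadSafe()
    {
        $file = $this->request->getFile('avatar');
        if ($file === null || ! $file->isValid()) {
            return $this->response->setStatusCode(400)->setBody('no file');
        }

        // Reject anything that is not an image type we expect to process.
        if (! in_array($file->getMimeType(), ['image/jpeg', 'image/png'], true)) {
            return $this->response->setStatusCode(415)->setBody('unsupported type');
        }

        // store() moves the file under WRITEPATH/uploads/<folder>/ with a
        // random name and returns "<folder>/<randomname>"; the client name
        // is never used anywhere in the path.
        $stored = $file->store('avatars');
        $path   = WRITEPATH . 'uploads/' . $stored;

        // Filter the caption with the advisory's character allowlist.
        $caption = (string) $this->request->getPost('caption');
        $caption = preg_replace('/[^a-zA-Z0-9\s.,!?-]/', '', $caption);

        // Map the only user choice (top/bottom) onto fixed option values.
        $options = self::captionOptions($this->request->getPost('position'));

        Services::image('gd')
            ->withFile($path)
            ->resize(200, 200, true)
            ->text($caption, $options)
            ->save($path);

        return 'ok';
    }

    // Returns a text() option array built only from known-good constants;
    // no request value is passed through verbatim.
    private static function captionOptions(?string $position): array
    {
        $vAlign = ($position === 'top') ? 'top' : 'bottom';

        return [
            'color'    => '#ffffff',
            'opacity'  => 0.8,
            'fontSize' => 14,
            'hAlign'   => 'center',
            'vAlign'   => $vAlign,
            'padding'  => 10,
        ];
    }
}
```

The point of `captionOptions()` is that option values never come from the request: the user picks between two positions and the code picks the string. Switching the handler to `gd` removes the shell command entirely; if you must keep `imagick` for a feature GD lacks, the random filename and the caption filter are the minimum, and upgrading to v4.6.2 is the real fix.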