Verify that all image files begin with the expected "magic bytes" corresponding to the image file types you support before sending them to ImageMagick for processing.
The first few bytes of a file can often be used to identify the type of file. Some examples are GIF images, which start with the hex bytes "47 49 46 38", and JPEG images, which start with "FF D8". This list on Wikipedia has the magic bytes for most common file types.
I have already put the /etc/ImageMagick/policy.xml instructions in place on the server. But we still need to do the other thing: check the bytes at the start of an image.
From https://imagetragick.com/ ...
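The magic-byte check described above, as an added example (not code from imagetragick.com or from the original post): the upload is classified by its leading bytes against a whitelist, and the ImageMagick `convert` call (assumed to be on PATH) is only made when the bytes match a supported format.

```python
# Added example: gate ImageMagick behind a magic-byte whitelist.
# Assumed: the whitelist below is the set of formats your service supports,
# and the upload's filename/extension is NOT trusted for type detection.
import subprocess

# Signatures from the page (GIF: 47 49 46 38, JPEG: FF D8) plus the standard
# 8-byte PNG signature. Add only formats you actually need to accept.
ALLOWED_SIGNATURES = {
    "gif": (b"\x47\x49\x46\x38",),
    "jpeg": (b"\xff\xd8",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}

# Longest signature decides how many leading bytes we need to read.
MAX_SIGNATURE_LEN = max(len(s) for sigs in ALLOWED_SIGNATURES.values() for s in sigs)


def detect_image_type(header: bytes):
    """Return the whitelisted format whose magic bytes prefix `header`, else None."""
    for kind, signatures in ALLOWED_SIGNATURES.items():
        if any(header.startswith(sig) for sig in signatures):
            return kind
    return None  # MVG/SVG text, empty files, etc. all land here


def check_upload(path: str):
    """Read only the leading bytes of the file on disk and classify it."""
    with open(path, "rb") as f:
        return detect_image_type(f.read(MAX_SIGNATURE_LEN))


def safe_convert(src: str, dst: str) -> bool:
    """Invoke ImageMagick only if the upload passed the magic-byte check.

    The verified format is prepended to the input ("png:..."), so ImageMagick
    uses that decoder instead of sniffing the content itself.
    """
    kind = check_upload(src)
    if kind is None:
        return False  # unknown or disallowed signature: never reaches ImageMagick
    subprocess.run(["convert", f"{kind}:{src}", dst], check=True)
    return True
```

A prefix check only rejects files that are not one of the whitelisted images at all (for example an MVG or SVG script renamed to .jpg); it does not validate the rest of the file, so keep the policy.xml coder restrictions in place as well.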