firstlookmedia / pdf-redact-tools

a set of tools to help with securely redacting and stripping metadata from documents before publishing

adding safeguard against ImageMagick vulnerability CVE-2016-3714 #17

Closed jbolger closed 8 years ago

jbolger commented 8 years ago

Added a simple check on the input filename to ensure that it is an actual PDF prior to handing off to ImageMagick. Without this check, malicious files masquerading as PDFs can trigger arbitrary command execution.

Because this tool is only supported by Mac and Linux, this is accomplished using the system command file and verifying its output.
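
The check described in this PR, as an added example rather than the project's own code: it gates the input on a PDF magic-byte test and, where the system `file` command is available, also on the MIME type `file` reports, refusing anything that is not `application/pdf` before it would reach ImageMagick. The function names, the minimal PDF bytes and the MVG-script-renamed-as-PDF sample are constructed for this example and are not from the repository.

```python
import os
import shutil
import subprocess
import tempfile

# Constructed sample inputs (not from the project): a minimal PDF and a
# plain-text ImageMagick script saved under a .pdf name, i.e. the kind of
# masquerading input the PR guards against. Neither is a real document.
REAL_PDF_BYTES = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
FAKE_PDF_BYTES = b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n"


def write_sample(data):
    """Write constructed bytes to a temporary .pdf file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".pdf")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def looks_like_pdf(path):
    """Magic-byte check: every PDF begins with the marker '%PDF-'."""
    with open(path, "rb") as f:
        head = f.read(16)
    return head.startswith(b"%PDF-")


def file_mime_type(path):
    """Ask the system `file` command for the MIME type, as the PR does.

    Returns None when `file` is not on PATH (the tool targets Mac and Linux,
    where it is present by default), so callers can fall back to the
    magic-byte check alone.
    """
    if shutil.which("file") is None:
        return None
    result = subprocess.run(
        ["file", "-b", "--mime-type", path],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def is_safe_pdf(path):
    """Combined gate: the input must pass the magic-byte check and, when
    `file` is available, must also be reported as application/pdf."""
    if not looks_like_pdf(path):
        return False
    mime = file_mime_type(path)
    if mime is not None and mime != "application/pdf":
        return False
    return True


if __name__ == "__main__":
    for label, data in (("real", REAL_PDF_BYTES), ("fake", FAKE_PDF_BYTES)):
        sample = write_sample(data)
        verdict = "accepted" if is_safe_pdf(sample) else "rejected"
        print(f"{label} input ({file_mime_type(sample)}): {verdict}")
        os.unlink(sample)
```

Run the gate before any call into ImageMagick; a rejected file should abort the whole redaction run rather than fall through to a conversion step. Using both checks means an attacker cannot bypass the guard simply by choosing a file extension, and the magic-byte test still protects platforms where `file` is missing.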

jbolger commented 8 years ago

I've only tested this on Linux Mint. It should work on Mac as well, however I have not tested this yet.

micahflee commented 8 years ago

Thank you so much