Description
Multiple vulnerabilities were reported in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if the application processes user-submitted images. Many image processing plugins depend on the ImageMagick library, including, but not limited to, PHP's imagick, Ruby's rmagick and paperclip, and Node.js's imagemagick.
Remediation
Before sending any image file to ImageMagick for processing, verify that it begins with the expected "magic bytes" for one of the image file types you support. Consult the web references for more information about this vulnerability.
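The check described above, sketched for a Node.js upload handler as an added example (not code from ImageMagick or from any of the plugins listed). The allowlist of supported types, the function names `sniffImageType` and `checkUpload`, and the sample byte strings are assumptions constructed for illustration.

```javascript
// Allowlist of supported types and the byte signatures each must start with.
// Each alternative is a list of {offset, bytes} parts that must all match.
const SIGNATURES = {
  jpeg: [[{ offset: 0, bytes: [0xff, 0xd8, 0xff] }]],
  png: [[{ offset: 0, bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] }]],
  gif: [[{ offset: 0, bytes: ascii("GIF87a") }], [{ offset: 0, bytes: ascii("GIF89a") }]],
  // WebP: "RIFF", 4-byte chunk size, then "WEBP"
  webp: [[{ offset: 0, bytes: ascii("RIFF") }, { offset: 8, bytes: ascii("WEBP") }]],
};
const EXTENSIONS = new Map([["jpg", "jpeg"], ["jpeg", "jpeg"], ["png", "png"], ["gif", "gif"], ["webp", "webp"]]);

function ascii(s) {
  return Array.from(s, (c) => c.charCodeAt(0));
}

function partMatches(head, part) {
  if (head.length < part.offset + part.bytes.length) return false; // truncated input
  return part.bytes.every((b, i) => head[part.offset + i] === b);
}

// Returns the allowlisted type whose signature `head` starts with, or null.
function sniffImageType(head) {
  for (const [type, alternatives] of Object.entries(SIGNATURES)) {
    if (alternatives.some((parts) => parts.every((p) => partMatches(head, p)))) return type;
  }
  return null;
}

// Gate to run before the file is handed to ImageMagick.
// `head` is a Buffer/Uint8Array holding at least the first 12 bytes of the upload.
function checkUpload(filename, head) {
  const ext = (filename.split(".").pop() || "").toLowerCase();
  const declared = EXTENSIONS.get(ext) ?? null;
  const detected = sniffImageType(head);
  if (detected === null) return { ok: false, reason: "unrecognised content" };
  if (declared !== detected) return { ok: false, reason: "extension/content mismatch" };
  return { ok: true, type: detected };
}

// Constructed samples (leading bytes only, not real files).
const SAMPLES = {
  png: Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]),
  webp: Uint8Array.from([...ascii("RIFF"), 0x24, 0, 0, 0, ...ascii("WEBPVP8 ")]),
  wav: Uint8Array.from([...ascii("RIFF"), 0x24, 0, 0, 0, ...ascii("WAVEfmt ")]),
  text: Uint8Array.from(ascii("<svg xmlns='http://www.w3.org/2000/svg'/>")),
};
for (const [name, head] of Object.entries(SAMPLES)) {
  console.log(name, checkUpload("upload.png", head));
}
```

The gate rejects both content that matches no supported signature and content whose detected type disagrees with the file extension, so a text file renamed to `.png` never reaches ImageMagick.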
References