Credit: Stewie and Nikolay Ermishkin
ImageTragick describes a happy family of shell command injection vulnerabilities in the popular ImageMagick library. ImageMagick is commonly used by websites to convert or resize users’ pretentious avatar pics. Instead of uploading a picture of themselves doing something excitingly adventurous or saving the world, an attacker can upload a specially crafted SVG (Shells Via Graphics) or MVG (Missing Validation Graphics) image file that executes chosen shell commands on the remote server.
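For the avatar-upload case described above, a site can refuse anything that is not a known raster format before ImageMagick ever opens it. The following is an added example, not code from the original page or from ImageMagick; the allowlist, function names, paths and resize size are assumptions chosen for illustration.

```python
"""Added example: allowlist uploads by magic bytes before ImageMagick sees them."""

# Leading bytes of the raster formats an avatar endpoint accepts (assumed allowlist).
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def sniff_format(data: bytes):
    """Return the allowlisted format whose signature starts the data, else None."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None


def build_resize_argv(data: bytes, stored_path: str, out_path: str):
    """Build a convert argv for an upload, or raise ValueError if not allowlisted.

    The client-supplied filename and Content-Type are never consulted, and
    stored_path is assumed to be a server-generated name. The explicit "fmt:"
    prefix pins the ImageMagick coder to the sniffed format, and returning a
    list (not a string) keeps the eventual call away from a shell.
    """
    fmt = sniff_format(data)
    if fmt is None:
        raise ValueError("upload is not an allowlisted raster image")
    return ["convert", f"{fmt}:{stored_path}", "-resize", "128x128", f"png:{out_path}"]


# Constructed sample uploads; imagine each one arrived named "avatar.png".
SAMPLES = {
    "real png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "real jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "svg text": b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>',
    "mvg text": b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        try:
            print(name, "->", build_resize_argv(blob, "/tmp/upload.bin", "/tmp/avatar.png"))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The SVG and MVG samples are rejected on content alone, whatever extension they were uploaded with.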