:: Re: [DNG] Security Policies
Top Page
Delete this message
Reply to this message
Author: capercally.bleery670
Date:  
To: dng
Subject: Re: [DNG] Security Policies
On Fri, Mar 24, 2023 at 08:52:25PM +1000, onefang wrote:

> >    This is the word: insanity. Imagemagick is just great; it can
> >    do things with your images you wouldn't even have thought
> >    of. And it is able to handle all formats. It can do all that
> >    but it won't. Because you are not permitted.


> Perhaps not ALL formats. I was really pissed off at Debian for
> removing support for JPEG 2000 from everything a couple of versions
> back. Sure it's not a popular image format, but it is the format
> used by OpenSim, which I'm heavily involved with, so I have
> thousands if not millions of JPEG 2000 images.


I think both this decision and the restrictive defaults for
Imagemagick are related to multiple CVE grade parsing bugs in the jpeg
parsing libraries. A search of the oss-security list archives may be
informative.

--
Ian