:: Re: [DNG] Security Policies
Top Page
Delete this message
Reply to this message
Author: Benjamin Riefenstahl
To: Ken Dibble
CC: dng
Subject: Re: [DNG] Security Policies
Hi Ken,

Ken Dibble writes:
>>> The first thought was the 'convert' tool from imagemagick.?? It
>>> would not allow me to change the jpegs to pdf.???? The reason given
>>> was imagemagick security policy.

> My post was more about the insanity behind this and whether anyone is
> going to do anything about it.

Actually, there was a vulerability found some years ago where using
ImageMagick (or rather Ghostscript, the delegate for PDF and Postscript)
was a component of the scenario. See

I'd say the problem was real for PDF as input (like random stuff you
find on the internet), but I do not think it was real for PDF as output.
I'm guessing that ImageMagick only had the rather blunt tool of
disabling PDF and PS altogether to mitigate here.

See <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964090> about the
state of things in Debian.

Hope this helps,