Hi, image scaling, conversion, rasterization and manipulation is done by by shelling out to ImageMagic, PhantomJS and GhostScript. IM and GS have a history full of security vulnerabilities. PhantomJS is not actively maintained. In addition to serve security vulnerabilities, there might be ways to consume reasonable amounts of memory and CPU time by crafting special files. Running these programs on the same host as the web server or PHP interpreter does, is therefore a risk for us. Is there an easy way to offload image manipultation to another server, like for examle done for MathJax, the Chat Server, the Java server or the STACK-Maxima-Server?
↧