[dokuwiki] [SECURITY ALERT] problems in fetch.php

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx <dokuwiki@xxxxxxxxxxxxx>
  • Date: Tue, 26 Sep 2006 22:45:05 +0200

Hi all!

Another two vulnerabilities have been discovered in DokuWiki. Both are
mostly harmful for users of ImageMagick's convert utility only, but
should be quickly fixed by everyone.

The first one is a possible denial of service vulnerability caused by
allowing images being resized unlimited. When libGD is used (default)
the needed RAM is calculated before and the function aborts if not
enough RAM for the PHP process is available (typically 8 to 32MB).
However if ImageMagick ($conf['imconvert']) is used, no such limit
exists, allowing an attacker to potentially consume a lot of system

More info and how to fix this is available at

While examining this problem I discovered another, more serious one.
The input parameters for width and height are not sanitized properly,
which can be used by an attacker to introduce arbitrary shell commands
into the imagemagick commandline. I was not able exploit this with the
default libGD option but all users should apply the fix as soon as
possible anyway.

More info and how to fix this is available at

Both problems are fixed in the new hotfixed tarball available at



Other related posts: