Security Alert: image-processing vulnerabilities

Anna Shvetsova

In the age of extensive development of IT technologies, I bet you’ve already found yourself in the situation when you would completely agree with Gene Spafford’s statement. And you’ve probably guessed already, today I have to share some security related news with you.

Recently, serious vulnerabilities have been detected in two most popular graphic libraries, Image Magick and GD library, so almost all websites processing graphics are at risk. These vulnerabilities allow hackers to execute malicious code on your server hiding it inside image files.

The good news is that the revealed vulnerabilities do not affect X-Cart. Due to X-Cart additional security levels, hackers won’t be able to use Image Magick breaches to crack it. As for GD library compromised functions, they are not present in default X-Cart 5 package at all. And though some of them can be found in X-Cart 4, its security system won’t allow hackers to use these functions for their purposes.

However, you may have custom and third party modules or some other software (such as blog or CMS) installed on your website which can be compromised because of these vulnerabilities. That’s why these issues are worth your attention. We encourage you to contact your server administrator and have him sort these issues out.

Those who are on X-Cart hosting do not need to worry about the issues as both vulnerabilities are closed on our servers.

If you have any additional questions about these security issues and need our assistance, contact us. We’ll be glad to help you.

Sign in