Reported over 60 days ago. Is this going to be addressed or fixed???
An image decompression bomb vulnerability exists when vBulletin Options > Message Attachment Options > Resize Images = Yes and ImageMagick is in use.
An image decompression bomb vulnerability exists when allowing user uploads for avatars and profile pictures. To protect your site, change your forum's permissions so that users cannot upload custom avatars or profile pics if the above conditions are met.
An image decompression bomb vulnerability exists when vBulletin Options > Message Attachment Options > Resize Images = Yes and ImageMagick is in use.
An image decompression bomb vulnerability exists when allowing user uploads for avatars and profile pictures. To protect your site, change your forum's permissions so that users cannot upload custom avatars or profile pics if the above conditions are met.
- An image decompression bomb vulnerability exists when using ImageMagick for images and allowing uploads. Currently known issues are for PDFs and TIFFs; however, because the filename of the incoming upload is not trustworthy, removing entries from the Attachment Manager or changing Attachment Permissions are not viable options. The following mitigation options exist:
- Change vBulletin Options > Image Settings > Image Processing Library = GD
- Options > Message Attachment Options > Resize Images = No
- Change your forum's permissions so that no users can upload anything.
Comment