ImageMagick security policy 'PDF' blocking conversion

pdf linux ubuntu imagemagick imagemagick-convert

The Imagemagick security policy seems to be not allowing me perform this conversion from pdf to png. Converting other extensions seem to be working, just not from pdf. I haven't changed any of the imagemagick settings since I installed it... I am using Arch Linux, if the OS matters.

user@machine $ convert -density 300 -depth 8 -quality 90 input.pdf output.png
convert: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
convert: no images defined `output.png' @ error/convert.c/ConvertImageCommand/3288.

Well, I added

  <policy domain="coder" rights="read | write" pattern="PDF" />

just before </policymap> in /etc/ImageMagick-7/policy.xml and that makes it work again, but not sure about the security implications of that.


This issue is a workaround for a security vulnerability. The vulnerability has been addressed in Ghostscript 9.24 (source), so if you have that or a newer version, you don't need the workaround anymore.

On Ubuntu 19.10 through 21.04 and probably any later versions coming with ImageMagick 6, here's how you fix the issue by removing the workaround:

  1. Make sure you have Ghostscript ≥9.24:

    gs --version

  2. If yes, just remove this whole following section from /etc/ImageMagick-6/policy.xml:

    <!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />

As pointed out in some comments, you need to edit the policies of ImageMagick in /etc/ImageMagick-7/policy.xml. More particularly, in ArchLinux at the time of writing (05/01/2019) the following line is uncommented:

<policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />

Just wrap it between <!-- and --> to comment it, and pdf conversion should work again.

Related

Python string.replace regular expression [duplicate]
How do I read CSV data into a record array in NumPy?
How to get the file extension in PHP? [duplicate]
In Android, how do I set margins in dp programmatically?
dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.62.dylib error running php after installing node with brew on Mac
How to set cornerRadius for only top-left and top-right corner of a UIView?
Difference between __getattr__ vs __getattribute__
How do you unit test private methods?
Superscript in markdown (Github flavored)?
What is %2C in a URL?
How to use the ternary operator inside an interpolated string?
Using cURL to upload POST data with files