convert:not authorized `aaaa` @ error/constitute.c/ReadImage/453

Question

I want to create a captcha pic by use convert from ImageMagick.

And I follow this, but there are some problem .

Input In my linux shell:

Answer 1

The answer with highest votes (I have not enough reputation to add comment there) suggests to comment out the MVG line, but have in mind this:

CVE-2016-3714

ImageMagick supports ".svg/.mvg" files which means that attackers can craft code in a scripting language, e.g. MSL (Magick Scripting Language) and MVG (Magick Vector Graphics), upload it to a server disguised as an image file and force the software to run malicious commands on the server side as described above. For example adding the following commands in a file and uploading it to a webserver that uses a vulnerable ImageMagick version will result in running the command "ls -la" on the server.

exploit.jpg:

push graphic-context viewbox 0 0 640 480 fill 'url(https://website.com/image.png"|ls "-la)' pop graphic-context

And

Any version below 7.0.1-2 or 6.9.4-0 is potentially vulnerable and affected parties should as soon as possible upgrade to the latest ImageMagick version.

Source