ImageMagick Mogrify: Apply vs. Convert to Profile
I have installed ImageMagick on a Linux server hosting a WordPress site. If I run the command mogrify -profile PATH/TO/sRGB.icm MY_TARGET_IMAGE ...will that apply the profile or convert the image to that profile? The docs seem to be confusing on this issue. The top of http://www.imagemagick.org/script/mogrify.php says: "Use the mogrify program to resize an image, blur, crop, despeckle, dither, draw on, flip, join, re-sample, and much more. This tool is similar to convert except that the original image file is overwritten (unless you change the file suffix with the -format option) with any changes you request." …which makes me think conversion. But http://www.imagemagick.org/script/command-line-options.php#profile says: "Using -profile filename adds an ICM (ICC color management), IPTC (newswire information), or a generic profile to the image." ...which suggests assignment/application. But then, this, from the same page, a couple paragraphs down: "It is important to note that results may depend on whether or not the original image already has an included profile. Also, keep in mind that -profile is an "operator" (as opposed to a "setting") and therefore a conversion is made each time it is encountered, in order, in the command-line." (But it's unclear to me if this is alluding to the convrt command, but not mogrify.) Then there's this this, from http://www.imagemagick.org/script/mogrify.php, down at the -profile listing: -profile filename add, delete, or apply an image profile It does SEEM like it's doing an apply action, but I'm not 100% sure. Color me confused. I'm looking for a way to apply an sRGB profile to untagged images, via the command line, in Linux. And I apparently can't install Argyll, since I don't have admin privileges: It's a shared server. I did succeed in doing a local install of ImageMagick (also allegedly requiring admin privileges), via instructions here <http://www.photopost.com/magicknoroot-php.html>, but using current versions. ___________________________________________ RICK GORDON EMERALD VALLEY GRAPHICS AND CONSULTING ___________________________________________ WWW: http://www.shelterpub.com
Rick Gordon wrote:
I have installed ImageMagick on a Linux server hosting a WordPress site.
If I run the command mogrify -profile PATH/TO/sRGB.icm MY_TARGET_IMAGE ...will that apply the profile or convert the image to that profile?
Beware that ImageMagick has had (and may still have) flaws that allow an attacker to take over a server, if they are able to get it to process a specially crafted image file. ImageMagick has had a lot of work done on it recently to fix these sorts of bugs, but there are still issues being reported, and any program that tries to support dozens of different image formats is highly prone to these sorts of problems. See <https://lwn.net/Articles/710797/> and <https://imagetragick.com/> for instance. If you are just running it yourself manually on known image files, this is probably not an issue for you.
Color me confused. I'm looking for a way to apply an sRGB profile to untagged images, via the command line, in Linux. And I apparently can't install Argyll, since I don't have admin privileges: It's a shared server.
You can certainly use things like ArgyllCMS cctiff and other utilities without admin privileges - it isn't needed unless you want to connect an instrument and the systems USB isn't configured in a sympathetic way. But also be aware that cctiff has not been tested or hardened with a hostile environment in mind, although its attack surface is probably a bit smaller than ImageMagick, since it only supports three binary file formats (ICC, TIFF and JPEG). Cheers, Graeme Gill.
I don't find any evidence that these have not all been addressed in ImageMagick 7.0.1-9 and 6.9.4-7 and greater. All software has security issues; this was a particularly pernicious one and was fixed rather quickly. The press on it seems particularly strongly and publicly motivated, I might add. Jeff
On Jan 22, 2017, at 2:48 PM, Graeme Gill <graeme2@argyllcms.com> wrote:
Rick Gordon wrote:
I have installed ImageMagick on a Linux server hosting a WordPress site.
If I run the command mogrify -profile PATH/TO/sRGB.icm MY_TARGET_IMAGE ...will that apply the profile or convert the image to that profile?
Beware that ImageMagick has had (and may still have) flaws that allow an attacker to take over a server, if they are able to get it to process a specially crafted image file. ImageMagick has had a lot of work done on it recently to fix these sorts of bugs, but there are still issues being reported, and any program that tries to support dozens of different image formats is highly prone to these sorts of problems. See <https://lwn.net/Articles/710797/> and <https://imagetragick.com/> for instance.
If you are just running it yourself manually on known image files, this is probably not an issue for you.
Color me confused. I'm looking for a way to apply an sRGB profile to untagged images, via the command line, in Linux. And I apparently can't install Argyll, since I don't have admin privileges: It's a shared server.
You can certainly use things like ArgyllCMS cctiff and other utilities without admin privileges - it isn't needed unless you want to connect an instrument and the systems USB isn't configured in a sympathetic way. But also be aware that cctiff has not been tested or hardened with a hostile environment in mind, although its attack surface is probably a bit smaller than ImageMagick, since it only supports three binary file formats (ICC, TIFF and JPEG).
Cheers,
Graeme Gill. _______________________________________________ Do not post admin requests to the list. They will be ignored. Colorsync-users mailing list (Colorsync-users@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/colorsync-users/jnova%40colorhythm.c...
This email sent to jnova@colorhythm.com
-- Jeff NovaChief Executive OfficerColorhythm jnova@colorhythm.comMain: +1 415-399-9921Mobile:+1 510-710-9590Fax: +1 415-399-9928 1015 Battery Street, Suite CSan Francisco CA 94111http://colorhythm.com Please consider our environmentbefore printing this email Colorhythm is a certified Green Business:This electronic mail and the documents accompanying it are considered trade secret, confidential and/or proprietary by Colorhythm LLC. This information is intended for use by the individual or entity to whom this e-mail is addressed. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.
participants (3)
-
Graeme Gill
-
Jeff Nova
-
Rick Gordon