
ImageMagick vs GD....?

Floyd R Turbo

Well-known member
#1
So what is the difference between these 2 options, and why would one even need ImageMagick?

In chatting with my web host admin, he said it's been deprecated and replaced with something else, which is why it's not an option to install it directly via WHM or cPanel. So it's this weird package you have to install via shell. I did it once, but just switched servers and now I'm racking my brain trying to figure out how to do it again.

Googling the instructions leads you down a friggin rabbit hole of endless paths explained by people who speak a totally different language so I'm completely lost. Hence the "why is it even needed" question...

TIA
Bud
 

Tracy Perry

Well-known member
#3
Actually... the resizing of GIFs.
With GD they would lose any animation they may have. With ImageMagick they can maintain the animation.
 

Floyd R Turbo

Well-known member
#4
Ok, so it's really only about animation? i.e. animated pics/avatars. But non-animated GIFs would not be affected, I'm guessing.

Tracy Perry said: "Actually... the resizing of GIFs."
I think I might have needed that for AndyB's Image Resizer also. But I don't need that now that all the old images (pre-XF) are resized
 

Tracy Perry

Well-known member
#5
There are a few other benefits to it... but nothing that is really earth-shattering. If consistent animated GIFs are not important to you (specifically thinking avatars) then GD2 is fine.
 

Tracy Perry

Well-known member
#9
Nothing anywhere near as bad as ImageMagick.
  • gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317)
  • double-free in gdImageWebPtr() (CVE-2016-6912)
  • potential unsigned underflow in gd_interpolation.c (CVE-2016-10166)
  • DOS vulnerability in gdImageCreateFromGd2Ctx() (CVE-2016-10167)
  • Signed Integer Overflow gd_io.c (CVE-2016-10168)
  • Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow (CVE-2016-5767)
  • #215 Stack overflow with gdImageFillToBorder (CVE-2015-8874, CVE-2016-9933)
  • NULL Pointer Dereference at _gdScaleVert
I guess it depends on what you refer to as "bad". My point is they all have issues that have to be resolved. It is totally dependent on what your needs/requirements are. ImageMagick supports more file types and has many more features as compared to GD2.
 

Brent W

Well-known member
#10
Tracy Perry said: "I guess it depends on what you refer to as "bad". My point is they all have issues that have to be resolved. It is totally dependent on what your needs/requirements are. ImageMagick supports more file types and has many more features as compared to GD2."
Bad: https://imagetragick.com/

I am not saying there aren't potential security issues with GD but GD is a requirement for XenForo and ImageMagick isn't. I don't need any features of ImageMagick to make it worth the while of opening up those potential holes.
 

thedude

Well-known member
#11
ImageMagick has some extras above GD that may be of interest to XF admins. One example is that IM is able to preserve ICC color profiles that some jpegs embed to give them "correct" color representation on the screen. Here's the patch Mike added to enable that.

@Brent W is correct that IM has had its share of security problems. We compile our version from source to make sure we have the latest fixes, which eases some concern for us.
 

Tracy Perry

Well-known member
#12
thedude said: "@Brent W is correct that IM has had its share of security problems. We compile our version from source to make sure we have the latest fixes, which eases some concern for us."
Yep, and if you use CentMin it's taken care of also. When one becomes dependent on the distribution channel to release the fixes into the ported/supported packages then you have a delay.
 

eva2000

Well-known member
#13
Tracy Perry said: "yep, and if you use CentMin it's taken care of also. When one becomes dependent on the distribution channel to release the fixes into the ported/supported packages then you have a delay."
Yeah Centmin Mod's imagemagick install took care of Imagetragick. But to each his own for choice between GD vs ImageMagick

I like ImageMagick as it's what I used for my optimise-image.sh batch image optimisation and conversion script https://github.com/centminmod/optimise-images
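
For admins who rely on a packaged ImageMagick and want to confirm the ImageTragick mitigation discussed above is in place, here is one way to audit a policy.xml. This is an added example, not code from any poster or from XenForo or Centmin Mod; the coder list is the one in the mitigation published on imagetragick.com, while the function names and the sample policy are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders named in the mitigation published on imagetragick.com.
IMAGETRAGICK_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

# Constructed sample policy.xml (not from a real server): the MSL entry is missing.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="{URL,HTTPS}"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG}"/>
</policymap>"""


def _patterns(raw):
    """Expand a whole-pattern brace list such as "{PS,PDF}" into separate globs."""
    raw = raw.strip().upper()
    if raw.startswith("{") and raw.endswith("}"):
        return [p.strip() for p in raw[1:-1].split(",") if p.strip()]
    return [raw]


def unblocked_coders(policy_xml, coders=IMAGETRAGICK_CODERS):
    """Return the coders that the given policy text does not clearly deny."""
    # Conservative rule (an assumption of this example, stricter than relying on
    # entry order): blocked means some matching entry has rights="none" and no
    # matching entry grants any rights.
    root = ET.fromstring(policy_xml)
    missing = []
    for coder in coders:
        denied = granted = False
        for pol in root.iter("policy"):
            if pol.get("domain", "").lower() != "coder":
                continue
            pats = _patterns(pol.get("pattern", ""))
            if any(fnmatch.fnmatchcase(coder, p) for p in pats):
                if pol.get("rights", "").strip().lower() == "none":
                    denied = True
                else:
                    granted = True
        if granted or not denied:
            missing.append(coder)
    return missing


if __name__ == "__main__":
    print("not blocked:", unblocked_coders(SAMPLE_POLICY))
```

Pass it the text of the policy.xml your ImageMagick build actually loads; the location of that file varies by install.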