Page History

...

ERROR filtering, skipping bitstream:
        Item Handle: 1234/5678
        Bundle Name: ORIGINAL
        File Size: 30406135
        Checksum: c1df4b3a4755e9bed956383b61fc5042 (MD5)
        Asset Store: 0
org.im4java.core.CommandException: org.im4java.core.CommandException: convert.im6: not authorized `/tmp/impdfthumb6294641076817830415.pdf' @ error/constitute.c/ReadImage/454.

OR
 
org.im4java.core.CommandException: convert-im6.q16: attempt to perform an operation not allowed by the security policy 'PDF' @ error/constitute.c/IsCoderAuthorized/421

These may be caused by a change in your ImageMagick policy configuration on your server. 

...

• This exclusion was implemented to workaround a security vulnerability in Ghostscript reported here: https://www.kb.cert.org/vuls/id/332928This vulnerability looks like it may have been fixed
• According to that vulnerability report, this was patched in Ghostscript v9.25: https://www.ghostscript.com/doc/9.25/News.htm (Still pending verification – see launchpad ticket linked 24 (or above)

The newly added lines in the /etc/ImageMagick/policy.xml are these ones:

<!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />

If you wish To fix the error above requires you to re-enable ImageMagick to process Ghostscript format types, you can simply comment out those . That can be done by simply commenting out those new "policy" lines in the configuration file .  Be aware that, as the fix to this vulnerability is not yet verified, you should only do so at your own risk(surround them with <!-- and --> to comment out)

Be aware that you MUST ensure you are running Ghostscript v9.24 or later to ensure that you are not at risk for the above security vulnerability in older versions of Ghostscript.

"convert-im6.q16: cache resources exhausted" errors

...