ImageMagick security policy 'PDF' blocking conversion

This issue is a workaround for a security vulnerability. The vulnerability has been addressed in Ghostscript 9.24 (source), so if you have that or a newer version, you don't need the workaround anymore.

On Ubuntu 19.04 through 22.04 and probably any later versions coming with ImageMagick 6, here's how you fix the issue by removing the workaround:

  1. Make sure you have Ghostscript ≥9.24:

    gs --version
    
  2. If yes, just remove this whole following section from /etc/ImageMagick-6/policy.xml:

    <!-- disable ghostscript format types -->
    <policy domain="coder" rights="none" pattern="PS" />
    <policy domain="coder" rights="none" pattern="PS2" />
    <policy domain="coder" rights="none" pattern="PS3" />
    <policy domain="coder" rights="none" pattern="EPS" />
    <policy domain="coder" rights="none" pattern="PDF" />
    <policy domain="coder" rights="none" pattern="XPS" />
    

Well, I added

  <policy domain="coder" rights="read | write" pattern="PDF" />

just before </policymap> in /etc/ImageMagick-7/policy.xml and that makes it work again, but not sure about the security implications of that.


As pointed out in some comments, you need to edit the policies of ImageMagick in /etc/ImageMagick-7/policy.xml. More particularly, in ArchLinux at the time of writing (05/01/2019) the following line is uncommented:

<policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />

Just wrap it between <!-- and --> to comment it, and pdf conversion should work again.


For me on Arch Linux, I had to comment this:

  <policy domain="delegate" rights="none" pattern="gs" />