The open-source software acts as the supporting infrastructure for a number of processing plugins -- including PHP's imagick, Ruby's rmagick, paperclip and node.js's imagemagick.
As content sharing online became ever more popular, these systems now provide a critical service for many web domains.
Recently, researchers discovered a flaw in the system, CVE-2016-3714, which if exploited through the upload of malicious images, leads to remote code execution and hijacked domains, malware distribution and information leaks.
According to researchers at CloudFlare, the flaw -- dubbed by some as "ImageTragick" -- is being actively exploited to attack websites.
There are a number of different exploit kits and scripts which are now implementing CVE-2016-3714, but the worst of which so far implements the Python scripting language. The researchers say:
"The parameters to the program are the IP address and port of a machine to contact. The python code connects to that machine and makes a shell available on the web server to the attacker. At that point the attacker can interact directly with the web server.
With a single exploit they can get remote access and then proceed to further hack the vulnerable Web server at their leisure."
Researchers from Securi have also witnessed cyberattackers using the vulnerability to launch attacks against specific targets with malicious code disguised as benevolent .JPG images.
Although it is not yet known if any of the attacks against websites using ImageMagick have been successful, considering how quickly the vulnerability has been exploited and how wide-ranging ImageMagick's use in websites is, it is likely -- placing not only websites, but users visiting these domains at risk of exposure.