[File] [PATCH] of Magdir/images for ImageMagick Vector Graphic *.mvg

Jörg Jenderek joerg.jen.der.ek at gmx.net
Sun Jan 5 21:41:43 UTC 2020

Hash: SHA1


some weeks ago i had to handle some ImageMagick bitmaps. Then i
also look for other Magick formats like Magick Vector Graphics (

When running file command version 5.38 on such examples and some
test samples these are described as text with mime type text/plain.
More annoying is that dangerous examples like
exploit-CVE-2016-3715.jpg.mvg are described as simple text files.

For comparison reason i run other utilities.
The file identifier tool TrID  (see
http://mark0.net/soft-trid-e.html) describes such MVG examples
correctly as "Magick Vector Graphics" by definition mvg.trid.xml.

On ImageMagick web site this format is described. For that fact i
add to Magdir/images a comment line like:
# Ref.:	https://imagemagick.org/script/magick-vector-graphics.php

Many examples like piechart.mvg looks like:
push graphic-context
 viewbox 0 0 624 369

Normally second lines is intended. The first sample i found that
does not obey this description was file_move.mvg. There second line
was not intended and lines look like:
push graphic-context
viewbox 0 0 640 480

Then i read information mentioned by reference URL. There it is
written that MVG ignores all white-space between commands. So i
modified piechart.mvg after "push" phrase. Instead space character
a tabulator character or a carriage return character or more white
spaces are used. Yes indeed all these variants like
piechart-tabSpace.mvg are valid MVG and are shown by ImageMagick
display command.
So i first look for starting keyword by line
 0	string		push
Next i skip some white spaces and look for next characteristic
words by line
 >5	search/3	graphic-context	ImageMagick Vector Graphic
Instead text/plain as mime type i display a user defined one by line
 !:mime	image/x-mvg
The file name extension for ImageMagick Vector Graphic is shown by
 !:ext	mvg

After applying the above mentioned modifications by patch
file-5.38-images-mvg.diff then i get an output like:

exploit-CVE-2016-3715.jpg.mvg: ImageMagick Vector Graphic
file_move.mvg:                 ImageMagick Vector Graphic
piechart-2.mvg:                ImageMagick Vector Graphic
piechart-NL.mvg:               ImageMagick Vector Graphic
piechart-tab.mvg:              ImageMagick Vector Graphic
piechart-tabSpace.mvg:         ImageMagick Vector Graphic
piechart.mvg:                  ImageMagick Vector Graphic
x.gif.mvg:                     ImageMagick Vector Graphic
piechart-bad.txt:              ASCII text

I hope my diff file can be applied in future version of
file utility.

With best wishes
Jörg Jenderek
- --
Jörg Jenderek

Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

-------------- next part --------------
--- file-5.38/magic/Magdir/images.old	2019-11-23 16:19:47 +0000
+++ file-5.38/magic/Magdir/images	2020-01-05 21:22:33 +0000
@@ -523,6 +523,17 @@
 # ImageMagick-7.0.9-2/Magick++/demo/smile_anim.miff
 >>>0	ubyte		!0x7b
 >>>>0	string		>\0		'%-.14s'
+# URL:		https://imagemagick.org/
+# Reference:	https://imagemagick.org/script/magick-vector-graphics.php
+# From:		Joerg Jenderek
+# Note:		all white-spaces between commands are ignored
+0	string		push
+# skip some white spaces
+>5	search/3	graphic-context	ImageMagick Vector Graphic
+# TODO: look for dangerous commands like CVE-2016-3715
+#!:mime	text/plain
+!:mime	image/x-mvg
+!:ext	mvg
 # Artisan
 0	long		1123028772	Artisan image data
-------------- next part --------------
A non-text attachment was scrubbed...
Name: file-5.38-images-mvg.diff.sig
Type: application/octet-stream
Size: 95 bytes
Desc: not available
URL: <https://mailman.astron.com/pipermail/file/attachments/20200105/e64492a2/attachment.obj>

More information about the File mailing list