Forum for discussing general topics related to Couch.
3 posts Page 1 of 1
If anyone is using the ImageMagick image processing library as part of a plugin, it may be a good idea to temporarily disable it if your website allows image upload from users. Read more: http://arstechnica.com/security/2016/05/exploits-gone-wild-hackers-target-critical-image-processing-bug/
To clarify in case someone is unsure, the default installation does not use the ImageMagick library. You would have had to intentionally choose to use ImageMagick by installing this addon:

viewtopic.php?f=8&t=7222
I'd also like to add that even if someone is using the addon @tim mentioned, if the site does not allow anonymous visitors to upload images then the vulnerability, IMHO, doesn't affect the site.

In Couch, only admins are allowed to use the 'image' editable region (which allows image uploads), so that is not of much concern.

If, however, your site is using the 'securefile' editable region to allow anonymous visitors to upload images, it would be prudent to disable ImageMagick till the host upgrades to a securer version.

To be fair, 'securefile' puts all uploads through several checks (including independently verifying the type of the image) so it is unlikely that a malicious image (which, according to https://imagetragick.com/, has to be of types like svg or mvg to carry the payload - types that securefile does not allow) could make its way to ImageMagick for processing.

However, when it comes to security we cannot be cautious enough so it is advisable to disable ImageMagick if your site uses 'securefile'.
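
The independent type check mentioned in the last post, as an added example (not Couch's or securefile's actual code): the upload's leading bytes are matched against an allow-list of raster formats, so SVG or MVG content is rejected whatever its file name claims. The function name, the accepted formats and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Couch code: decide from the file's own leading bytes
// whether an upload may be passed on to ImageMagick.

// Signatures of the raster formats this hypothetical site accepts.
const ALLOWED_SIGNATURES = [
    'jpeg' => "\xFF\xD8\xFF",
    'png'  => "\x89PNG\r\n\x1A\n",
    'gif'  => 'GIF8',
];

/**
 * Return the detected type, or null when the content is not on the allow-list.
 * The client-supplied file name and MIME type are deliberately ignored.
 */
function sniff_allowed_image(string $bytes): ?string
{
    foreach (ALLOWED_SIGNATURES as $type => $magic) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            return $type;
        }
    }
    return null; // SVG, MVG and anything else unrecognised ends up here
}

// Constructed sample inputs: claimed file name => first bytes of the content.
$samples = [
    'photo.jpg'  => "\xFF\xD8\xFF\xE0\x00\x10JFIF",
    'logo.png'   => "\x89PNG\r\n\x1A\n\x00\x00\x00\rIHDR",
    // MVG drawing commands saved under a .jpg name
    'avatar.jpg' => "push graphic-context\nviewbox 0 0 640 480\n",
    // SVG markup saved under a .png name
    'banner.png' => "<svg xmlns=\"http://www.w3.org/2000/svg\" width=\"640\">",
];

foreach ($samples as $name => $bytes) {
    $type = sniff_allowed_image($bytes);
    if ($type === null) {
        echo "$name: rejected, not handed to ImageMagick\n";
    } else {
        // Only verified content would go on to the converter.
        echo "$name: accepted as $type\n";
    }
}
```

The first two samples are accepted as jpeg and png; the last two are rejected even though their extensions look harmless.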