Re: Developer forum is murdering ImageMagick
Confirmed: GraphicsMagick is NOT vulnerable to the particular exploit in this article. It bails out if the file's extension doesn't match its 'magic number' header, and if you give it the proper extension (.mvg) it rejects the malicious 'fill color'.
This does not mean GraphicsMagick is 100% safe.
Meanwhile, turns out it's pretty easy to screw up the policy.xml patch for ImageMagick. Test the exploit code before and after patching, or just switch to GraphicsMagick.