A memory-safe replacement for imagemagick. It's also really fast!
Vulnerabilities in image processing are devastating, because image processing is everywhere. The share of memory safety vulnerabilities across all software is 70%, and in image manipulation it is even higher: binary format parsing is notorious for these kinds of vulnerabilities.
It is not a theoretical concern. Every C image parsing library has a history of serious memory safety vulnerabilities. Imagemagick itself has had many more. And they are being exploited in the wild.
Trying to secure massive memory-unsafe codebases is untenable, but migrating to memory safe languages works.
Thanks to Rust, we can now eradicate these vulnerabilities once and for all, without sacrificing performance!
The underlying image format decoders and encoders are very mature. The Rust community has been developing them and using them in production for years. They have been tested on millions of real-world images.
wondermagick itself is in the early stages of development. We are currently focusing on converting and resizing images, which is the most common workload for imagemagick.
You can help by:
- Funding this project, so that we could advance both
wondermagickand the Rustimagelibrary. - Donating to https://www.memorysafety.org/, a registered non-profit, so they could complete
rav1dwhich will enable us to decode AVIF images. (encoding already works) - Contributing to the libraries
wondermagickrelies on. We publish a list of such issues affecting us. - Implementing more
imagemagickcommands inwondermagick. See CONTRIBUTING.md for details on code contributions. - Making bindings to Rust
imagefor your favourite language. Making drop-in replacements for other memory-unsafe systems. Not the whole world runs onimagemagick.