Trouble with batch conversion of .png to .pdf using convert


Solution 1

convert is a powerful command line tool to convert graphics. Its support for PDF is provided by Ghostscript. Because of a significant security hole in Ghostscript prior to version 9.24, use of convert on PDF files has been blocked as a stopgap. The issue has been fixed since Ghostscript version 9.24. While Ghostscript versions are updated to secure versions in all supported Ubuntu versions (at this time from Ubuntu 16.04 onwards), the usage restriction may still be in place.

The policy file is /etc/ImageMagick-6/policy.xml. You may edit that file as root user to change the policies.

Eliminating all usage restrictions

For desktop users not running a webserver, simply eliminating these restrictions might be good enough. To that aim, one may delete the file, but it is better practice to "move the file out" by renaming it. With this command, you are renaming the file. As a result, all policies are lifted, but you still can revert if needed:

sudo mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xmlout

To revert to the original situation, just rename back to the original name:

sudo mv /etc/ImageMagick-6/policy.xmlout /etc/ImageMagick-6/policy.xml

Be well aware that moving the policy file out decreases system security.

Eliminating only the restriction to combine into PDF

For your specific case, gene_wood in a comment pointed to the possibility to selectively relax the policy for working with PDF files by commenting out one line:

<policy domain="coder" rights="none" pattern="PDF" />

Edit the file, and place comment marks around this line to disable this rule:

<!-- <policy domain="coder" rights="none" pattern="PDF" /> -->

If you do not want to eliminate all security policies, this is the way to go.

Solution 2

As vanadium posted, you have to change the ImageMagick policy.

sudo vim /etc/ImageMagick-6/policy.xml

and replace the line

<policy domain="coder" rights="none" pattern="PDF" />

with

<policy domain="coder" rights="read|write" pattern="PDF" />

If you only want to allow write, and not read, you can also erase the read| part in the line above.


BTW, for those who are interested about the ImageMagick vulnerability, here are 2 informational links:

Solution 3

Rather than re-loosening ImageMagick's security restrictions, I'd just use img2pdf.

It's specifically designed for this kind of use-case.

You should use img2pdf if your priorities are (in this order):

  • always lossless: the image embedded in the PDF will always have the exact same color information for every pixel as the input
  • small: if possible, the difference in filesize between the input image and the output PDF will only be the overhead of the PDF container itself
  • fast: if possible, the input image is just pasted into the PDF document as-is without any CPU hungry re-encoding of the pixel data

Conventional conversion software (like ImageMagick) would either:

  1. not be lossless because lossy re-encoding to JPEG
  2. not be small because using wasteful flate encoding of raw pixel data
  3. not be fast because input data gets re-encoded

Another advantage of not having to re-encode the input (in most common situations) is, that img2pdf is able to handle much larger input than other software, because the raw pixel data never has to be loaded into memory.

This should be the equivalent command:

img2pdf --out myfile.pdf /home/bill/TempScan/*.png 

If, for some reason, you can't do that (eg. can't install new packages), another potential avenue for lossless conversion would be to convert your images into a multi-page TIFF file and then use tiff2pdf from the libtiff tools.

Solution 4

abu_bua's solution really worked well for me. For convenience, here it is in one command line with sed:

sudo sed -i 's/rights="none" pattern="PDF"/rights="read|write" pattern="PDF"/g' /etc/ImageMagick-6/policy.xml

Solution 5

Here's an even more convenient way that automatically gets the location(s) of the policy.xml file(s) and performs the search/replace on them all:

for file in $(convert -list policy | grep "Path:" | grep -v built | sed 's/Path: \(.*\)/\1/g'); do sudo sed -i 's/domain="coder" rights="none" pattern="PDF"/domain="coder" rights="read|write" pattern="PDF"/g' "$file"; done
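
Added example (not part of any of the answers above): Solution 2 notes that write-only rights are enough if you do not need to read PDFs, and Solutions 4 and 5 apply the change with sed. This sketch combines the two: it keeps a backup, switches only the PDF coder from "none" to "write", and reports the result. The function names and the sample policy are constructed for illustration, and it assumes GNU sed and single-line XML comments.

```shell
#!/bin/sh
# Grant write-only rights to the PDF coder in an ImageMagick policy file.

# Print the rights currently set for the PDF coder.
# Lines containing a comment opener are skipped (single-line comments assumed).
pdf_rights() {
    grep -v '<!--' "$1" |
        sed -n 's/.*domain="coder" rights="\([^"]*\)" pattern="PDF".*/\1/p'
}

# Back up the policy file, then switch the PDF coder from "none" to "write".
# Other coder lines (PS, EPS, ...) keep whatever rights they had.
pdf_allow_write_only() {
    policy=$1
    [ -f "$policy" ] || { echo "no such file: $policy" >&2; return 1; }
    if [ "$(pdf_rights "$policy")" != "none" ]; then
        echo "PDF coder is not set to none; leaving $policy unchanged" >&2
        return 0
    fi
    cp -p "$policy" "$policy.bak" || return 1
    sed -i 's/\(domain="coder" rights="\)none\(" pattern="PDF"\)/\1write\2/' "$policy"
}

# With a path argument, edit that file (run as root for /etc/ImageMagick-6/policy.xml).
# Without one, demonstrate on a constructed sample in a temporary directory.
if [ "$#" -ge 1 ]; then
    target=$1
else
    target=$(mktemp -d)/policy.xml
    printf '%s\n' '<policymap>' \
        '  <policy domain="coder" rights="none" pattern="PS" />' \
        '  <policy domain="coder" rights="none" pattern="PDF" />' \
        '</policymap>' > "$target"
fi
pdf_allow_write_only "$target" &&
    echo "$target: PDF coder rights = $(pdf_rights "$target")"
```

To undo the change, copy the .bak file written next to the policy file back over it.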
bill-lancaster
Author by

bill-lancaster

Updated on September 18, 2022

Comments

  • bill-lancaster
    bill-lancaster over 1 year
    convert /home/bill/TempScan/*.png  myfile.pdf
    

    gives error message:

    convert-im6.q16: not authorized `myfile.pdf' @ error/constitute.c/WriteImage/1037.
    

    Any help would be appreciated!

  • bill-lancaster
    bill-lancaster over 5 years
    Thanks vanadium, I renamed the file as suggested and it worked a treat.
  • gene_wood
    gene_wood over 5 years
    I went into the policy.xml file and found the line that was preventing me from combining png files into pdfs and commented it out. That line was <policy domain="coder" rights="none" pattern="PDF" /> if you'd like to leave the other rules intact but allow working with pdfs.
  • vanadium
    vanadium over 5 years
    @gene_wood, thank you: I added to the post because it provides more insight and options for users wanting to be more careful in eliminating restrictions.
  • Geppettvs D'Constanzo
    Geppettvs D'Constanzo over 5 years
    Ok, this works in Ubuntu 18.04 with imagemagick 8:6.9.7.4+dfsg-16ubuntu6.4. Thank you.
  • The Ledge
    The Ledge about 5 years
    The second method worked for me, but the first didn't.
  • qwertz
    qwertz about 4 years
    Am I the only one thinking enabling this "feature" by default is pretty stupid? Reminds me of the automatically turned on "magic quotes" in earlier versions of php..
  • vanadium
    vanadium about 4 years
    @qwertz Apparently, they did that because of a vulnerability bug in Ghostscript, which now should be solved. So possibly, this restriction on convert (which uses Ghostscript for this) will not be set anymore in future Ubuntu versions.
  • sudodus
    sudodus almost 4 years
    +1 for good workarounds to avoid ImageMagick's security restrictions :-)
  • Francisco Luz
    Francisco Luz over 3 years
    Short and straight to the point. Great answer.
  • equivalent8
    equivalent8 over 3 years
    one more link to this security issue cromwell-intl.com/open-source/pdf-not-authorized.html but in this article Author states that "PostScript defines a language with unfixable security problems." and "On a server that allows untrusted users to upload data for processing, ImageMagick should have PostScript and PDF disabled" worth reading