For those wondering, this issue (referred to as YB2 or Yahoobleed #2 by the author) has <i>already been fixed</i> by Yahoo:<p>> Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.
This is YB (Yahoobleed) #2. You might also enjoy YB #1: "*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images": <a href="https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html" rel="nofollow">https://scarybeastsecurity.blogspot.com/2017/05/bleed-contin...</a>