It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
Find out more about CVE-2016-3714 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 6.8 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
CVSS3 Base Score | 8.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (ImageMagick) | RHSA-2016:0726 | 2016-05-09 |
Red Hat Enterprise Linux 7 (ImageMagick) | RHSA-2016:0726 | 2016-05-09 |
Platform | Package | State |
---|---|---|
Red Hat OpenShift Enterprise 2 | ImageMagick | Affected |
Red Hat Enterprise Linux 5 | ImageMagick | Will not fix |
Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071
Red Hat Enterprise Linux 6 and 7
================================
As a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:
<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="HTTP" />
<policy domain="coder" rights="none" pattern="URL" />
<policy domain="coder" rights="none" pattern="FTP" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />
<policy domain="coder" rights="none" pattern="TEXT" />
<policy domain="coder" rights="none" pattern="LABEL" />
<policy domain="coder" rights="none" pattern="SHOW" />
<policy domain="coder" rights="none" pattern="WIN" />
<policy domain="coder" rights="none" pattern="PLT" />
<policy domain="path" rights="none" pattern="@*" />
within the policy map stanza:
<policymap>
...
</policymap>
Red Hat Enterprise Linux 5
==========================
In the following folders:
/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)
or
/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)
Rename the following files:
* mvg.so to mvg.so.bak
* msl.so to msl.so.bak
* label.so to label.so.bak