It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
Find out more about CVE-2016-5118 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 6.8 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (ImageMagick) | RHSA-2016:1237 | 2016-06-16 |
| Red Hat Enterprise Linux 7 (ImageMagick) | RHSA-2016:1237 | 2016-06-16 |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 2 | ImageMagick | Affected |
| Red Hat Enterprise Linux 5 | ImageMagick | Affected |
Vulmon