CVE-2016-3717

Published: 05/05/2016 Updated: 12/02/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 715
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

The LABEL coder in ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1 allows remote malicious users to read arbitrary files via a crafted image.

Vulnerable Product

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

redhat enterprise linux server supplementary eus 6.7z

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux server eus 7.2

redhat enterprise linux desktop 6.0

redhat enterprise linux hpc node eus 7.2

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

imagemagick imagemagick 7.0.0-0

imagemagick imagemagick

imagemagick imagemagick 7.0.1-0

Vendor Advisories

Debian Bug report logs - #814732 graphicsmagick: SVG parsing issues (CVE-2016-2317, CVE-2016-2318) Package: src:graphicsmagick; Maintainer for src:graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 14 Feb 2016 19:27:01 UTC Severity: important ...
Several security issues were fixed in ImageMagick ...
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of th ...
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands wit ...
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow ...

Exploits

Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version (6.9.3-9 released 2016-04-30 legacy.imagemagick.org/script/changelog.php), but this fix seems to be incomplete. We are sti ...