Published: 05/05/2016 Updated: 12/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8

VMScore: 436

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The (1) HTTP and (2) FTP coders in ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1 allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 16.04
canonical ubuntu linux 15.10
canonical ubuntu linux 14.04
imagemagick imagemagick 7.0.0-0
imagemagick imagemagick
imagemagick imagemagick 7.0.1-0
redhat enterprise linux server supplementary eus 6.7z
redhat enterprise linux desktop 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux hpc node 6.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux server eus 7.2
redhat enterprise linux desktop 6.0
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0

Debian Bug report logs - #814732 graphicsmagick: SVG parsing issues (CVE-2016-2317, CVE-2016-2318) Package: src:graphicsmagick; Maintainer for src:graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Feb 2016 19:27:01 UTC Severity: important ...

Several security issues were fixed in ImageMagick ...

Nikolay Ermishkin from the MailRu Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input An attacker with control on the image input could, with the privileges of th ...

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands wit ...

A server-side request forgery flaw was discovered in the way ImageMagick processed certain images A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images ...

Nikolay Ermishkin from the MailRu Security Team discovered several vulnerabilities in ImageMagick We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version (693-9 released 2016-04-30 legacyimagemagickorg/script/changelogphp), but this fix seems to be incomplete We are sti ...

Change UploadScanner extension a bit to suit some of the target

UploadScanner Burp extension A Burp Suite Pro extension to do security tests for HTTP file uploads Table of Contents Abstract Main feature Installation Tutorials About Background information and FAQ TL;DR and important infos Basics Checklist I broke the website, omg, what did I do? Limitations Detecting issues Detecting successful uploads FlexiInjector - Detecting requests

HTTP file upload scanner for Burp Proxy

UploadScanner Burp extension A Burp Suite Pro extension to do security tests for HTTP file uploads Table of Contents Abstract Main feature Installation Tutorials About Background information and FAQ TL;DR and important infos Basics Checklist I broke the website, omg, what did I do? Limitations Detecting issues Detecting successful uploads FlexiInjector - Detecting requests

CWE-20 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 https://www.imagemagick.org/script/changelog.php http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://www.openwall.com/lists/oss-security/2016/05/03/18 http://www.ubuntu.com/usn/USN-2990-1 http://rhn.redhat.com/errata/RHSA-2016-0726.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://www.debian.org/security/2016/dsa-3580 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html https://security.gentoo.org/glsa/201611-21 https://www.exploit-db.com/exploits/39767/https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html http://www.securityfocus.com/archive/1/538378/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814732 https://usn.ubuntu.com/2990-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/39767/

CVE-2016-3718

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect