CVE-2016-3716

Severity

43%

Complexity

86%

Confidentiality

48%

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

CVSS 3.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 8 years ago

2016-05-05 18:59:00

Last updated 6 years ago

2018-10-09 20:00:00

Affected Software

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.10

15.10

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

ImageMagick

ImageMagick 7.0.0-0

7.0.0-0

ImageMagick 7.0.1-0

7.0.1-0

Red Hat Enterprise Linux Desktop 6.0

6.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux HPC Node 6.0

6.0

RedHat Enterprise Linux HPC Node 7.0

7.0

Red Hat Enterprise Linux HPC Node EUS 7.2

7.2

Red Hat Enterprise Linux Server 6.0

6.0

RedHat Enterprise Linux Server 7.0

7.0

Red Hat Enterprise Linux Server AUS 7.2

7.2

Red Hat Enterprise Linux Server EUS 7.2

7.2

Red Hat Enterprise Linux Server Supplementary EUS 6.7z

6.7z

Red Hat Enterprise Linux Workstation 6.0

6.0

RedHat Enterprise Linux Workstation 7.0

7.0

References

http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog

Patch, Vendor Advisory

SUSE-SU-2016:1260

openSUSE-SU-2016:1261

openSUSE-SU-2016:1266

SUSE-SU-2016:1275

RHSA-2016:0726

Third Party Advisory

DSA-3580

[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714

Exploit

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

20160513 May 2016 - HipChat Server - Critical Security Advisory

SSA:2016-132-01

USN-2990-1