Vulnerability Details : CVE-2016-3714
Public exploit exists!
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Vulnerability category: Input validation, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2016-3714
Probability of exploitation activity in the next 30 days: 96.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2016-3714
- ImageMagick Delegate Arbitrary Command Execution
  Disclosure Date: 2016-05-03
  First seen: 2020-04-26
  exploit/unix/fileformat/imagemagick_delegate
  This module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (fo
CVSS scores for CVE-2016-3714
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | NIST |
CWE ids for CVE-2016-3714
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3714
- http://www.openwall.com/lists/oss-security/2016/05/03/13
  oss-security - ImageMagick Is On Fire -- CVE-2016-3714 [Mailing List]
- http://www.ubuntu.com/usn/USN-2990-1
  USN-2990-1: ImageMagick vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
  [security-announce] openSUSE-SU-2016:1326-1: important: Security update [Third Party Advisory]
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
  The Slackware Linux Project: Slackware Security Advisories [Third Party Advisory]
- https://access.redhat.com/security/vulnerabilities/2296071
  ImageTragick - ImageMagick Filtering Vulnerability - CVE-2016-3714 - Red Hat Customer Portal [Third Party Advisory]
- http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
  [Patch]
- http://rhn.redhat.com/errata/RHSA-2016-0726.html
  RHSA-2016:0726 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
  Oracle Solaris Bulletin - July 2016 [Third Party Advisory]
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
  ImageMagick Security Issue - ImageMagick [Vendor Advisory]
- https://www.kb.cert.org/vuls/id/250519
  VU#250519 - ImageMagick does not properly validate input before processing images using a delegate [Third Party Advisory; US Government Resource]
- http://www.debian.org/security/2016/dsa-3746
  Debian -- Security Information -- DSA-3746-1 graphicsmagick [Third Party Advisory]
- https://www.exploit-db.com/exploits/39767/
  ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities [Third Party Advisory; VDB Entry]
- https://www.exploit-db.com/exploits/39791/
  ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit) [Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
  [security-announce] SUSE-SU-2016:1260-1: important: Security update for [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
  [security-announce] SUSE-SU-2016:1301-1: important: Security update for [Third Party Advisory]
- http://www.securitytracker.com/id/1035742
  ImageMagick File Processing Input Validation Flaw Lets Remote Users Read/Move/Delete Arbitrary Files and Execute Arbitrary Commands - SecurityTracker [Third Party Advisory; VDB Entry]
- http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
  ImageMagick Delegate Arbitrary Command Execution [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/05/03/18
  oss-security - Re: ImageMagick Is On Fire -- CVE-2016-3714 [Mailing List]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  Oracle Linux Bulletin - April 2016 [Third Party Advisory]
- http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
  ImageTragick ImageMagick Proof Of Concepts ≈ Packet Storm [Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/bid/89848
  ImageMagick CVE-2016-3714 Remote Code Execution Vulnerability [Third Party Advisory; VDB Entry]
- https://www.imagemagick.org/script/changelog.php
  ImageMagick - Changelog [Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
  [security-announce] openSUSE-SU-2016:1261-1: important: Security update [Third Party Advisory]
- https://security.gentoo.org/glsa/201611-21
  ImageMagick: Multiple vulnerabilities (GLSA 201611-21) — Gentoo security [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3580
  Debian -- Security Information -- DSA-3580-1 imagemagick [Third Party Advisory]
- http://www.securityfocus.com/archive/1/538378/100/0/threaded
  SecurityFocus [Third Party Advisory; VDB Entry]
- https://bugzilla.redhat.com/show_bug.cgi?id=1332492
  1332492 – (CVE-2016-3714, ImageTragick) CVE-2016-3714 ImageMagick: Insufficient shell characters filtering [Issue Tracking]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
  [security-announce] openSUSE-SU-2016:1266-1: important: Security update [Third Party Advisory]
- https://imagetragick.com/
  ImageTragick [Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
  [security-announce] SUSE-SU-2016:1275-1: important: Security update for [Third Party Advisory]
Products affected by CVE-2016-3714
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*