Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-3714

Опубликовано: 05 мая 2016
Источник: debian
EPSS Критический

Описание

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:6.9.6.2+dfsg-2package
graphicsmagickfixed1.3.24-1package

Примечания

  • Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3

  • https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588

  • Original upstream applied patches are incomplete and still to be finished

  • https://imagetragick.com/

  • notice how the workaround differs between the three refs above

  • PLT format removed with: https://github.com/ImageMagick/ImageMagick/commit/e87116ab2bd070c47943d4118a18c8f3a47461e2

  • https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/

  • https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/

EPSS

Процентиль: 100%
0.93863
Критический

Связанные уязвимости

ubuntu логотип

CVE-2016-3714

CVSS3: 8.4
ubuntu
больше 9 лет назад

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

redhat логотип

CVE-2016-3714

CVSS3: 8.4
redhat
больше 9 лет назад

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

nvd логотип

CVE-2016-3714

CVSS3: 8.4
nvd
больше 9 лет назад

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

suse-cvrf логотип

SUSE-SU-2016:1301-1

suse-cvrf
около 9 лет назад

Security update for ImageMagick

github логотип

GHSA-24cp-26gx-3pp4

CVSS3: 8.4
github
около 3 лет назад

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

EPSS

Процентиль: 100%
0.93863
Критический