Multiple vulnerabilities in ImageMagick
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2016-3718 CVE-2016-3717 CVE-2016-3716 CVE-2016-3715 |
| CWE-ID | CWE-918 CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Vulnerability #4 is being exploited in the wild. |
| Vulnerable software Subscribe |
ImageMagick Client/Desktop applications / Multimedia software |
| Vendor | ImageMagick.org |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Server Side Request Forgery
EUVDB-ID: #VU5850
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-3718
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Update to version 6.9.3-10 or 7.0.1-1.
Vulnerable software versionsImageMagick: 6.9.3-0 - 7.0.1-1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Information disclosure
EUVDB-ID: #VU5849
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-3717
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening it, generate output files and obtain sensitive information.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Update to version 6.9.3-10 or 7.0.1-1.
Vulnerable software versionsImageMagick: 6.9.3-0 - 7.0.1-1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Security bypass
EUVDB-ID: #VU5848
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-3716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to properly prevent file move operations when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening, bypass security mechanism and move certain files on the affected system.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Update to version 6.9.3-10 or 7.0.1-1.
Vulnerable software versionsImageMagick: 6.9.3-0 - 7.0.1-1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Input validation error
EUVDB-ID: #VU5847
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-3715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to delete arbitrary files on the target system.
The weakness exists due to input validation error. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger an error in the ephemeral pseudo-protocol and delete certain files on the affected system.
Successful exploitation of the vulnerability results in deletion of arbitrary files on the vulnerable system.
Update to version 6.9.3-10 or 7.0.1-1.
Vulnerable software versionsImageMagick: 6.9.3-0 - 7.0.1-1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
