The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
History
12 Feb 2023, 23:19
Type | Values Removed | Values Added |
---|---|---|
Summary | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | |
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. | |
Information
Published : 2016-05-05 18:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-3714
Mitre link : CVE-2016-3714
CVE.ORG link : CVE-2016-3714
Products Affected
suse
- suse_linux_enterprise_server
opensuse
- opensuse
- leap
imagemagick
- imagemagick
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-20
Improper Input Validation