The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
History
12 Feb 2023, 23:20
Type | Values Removed | Values Added |
---|---|---|
Summary | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. | |
Information
Published : 2016-05-05 18:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-3718
Mitre link : CVE-2016-3718
CVE.ORG link : CVE-2016-3718
Products Affected
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_eus
- enterprise_linux_hpc_node
- enterprise_linux_server_supplementary_eus
- enterprise_linux_hpc_node_eus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
imagemagick
- imagemagick
canonical
- ubuntu_linux
CWE
CWE-20
Improper Input Validation