CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0726.html	Third Party Advisory
http://www.debian.org/security/2016/dsa-3580	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/03/18	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
http://www.securityfocus.com/archive/1/538378/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568	Third Party Advisory
http://www.ubuntu.com/usn/USN-2990-1	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201611-21	Third Party Advisory
https://www.exploit-db.com/exploits/39767/	Third Party Advisory VDB Entry
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588	Vendor Advisory
https://www.imagemagick.org/script/changelog.php	Release Notes
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0726.html	Third Party Advisory
http://www.debian.org/security/2016/dsa-3580	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/03/18	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
http://www.securityfocus.com/archive/1/538378/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568	Third Party Advisory
http://www.ubuntu.com/usn/USN-2990-1	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201611-21	Third Party Advisory
https://www.exploit-db.com/exploits/39767/	Third Party Advisory VDB Entry
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588	Vendor Advisory
https://www.imagemagick.org/script/changelog.php	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:imagemagick:imagemagick::::::::
	cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:::::::*
	cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Configuration 4 (hide)

OR	cpe:2.3:o:oracle:linux:6:-::::::
	cpe:2.3:o:oracle:linux:7:-::::::
	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2::::::
	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
	cpe:2.3:a:suse:manager:2.1:::::::*
	cpe:2.3:a:suse:manager_proxy:2.1:::::::*
	cpe:2.3:a:suse:openstack_cloud:5:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1::::::

History

21 Nov 2024, 02:50

24 Jul 2024, 17:05

Information

Published : 2016-05-05 18:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-3718

Mitre link : CVE-2016-3718

CVE.ORG link : CVE-2016-3718

JSON object : View

Products Affected

redhat

enterprise_linux_workstation
enterprise_linux_desktop
enterprise_linux_hpc_node
enterprise_linux_hpc_node_eus
enterprise_linux_server_aus
enterprise_linux_for_ibm_z_systems_eus
enterprise_linux_for_power_big_endian_eus
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_for_ibm_z_systems
enterprise_linux_eus
enterprise_linux_for_power_big_endian
enterprise_linux_for_power_little_endian
enterprise_linux_server_supplementary_eus
enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_from_rhui

suse

manager
openstack_cloud
linux_enterprise_desktop
linux_enterprise_workstation_extension
linux_enterprise_debuginfo
linux_enterprise_software_development_kit
linux_enterprise_server
manager_proxy

opensuse

opensuse
leap

oracle

solaris
linux

canonical

ubuntu_linux

imagemagick

imagemagick

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-3718

5.5^/10

4.3^/10

Attach tags to `CVE-2016-3718`