10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.967 High
EPSS
Percentile
99.7%
ImageMagick does not properly validate user input before processing it using a delegate, which may lead to arbitrary code execution. This issue is also known as โImageTragickโ.
CWE-20**: Improper Input Validation -**CVE-2016-3714
According to the researchers in a mailing list post:
Insufficient filtering for filename passed to delegateโs command allows remote code execution during conversion of several file formats.
ImageMagick allows to process files with external libraries. This feature is called โdelegateโ. It is implemented as a system() with command string (โcommandโ) from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filtering it is possible to conduct shell command injection.
By causing a system to process an image with ImageMagick, an attacker may be able to execute arbitrary commands on a vulnerable system. A common vulnerable configuration would be a web server that allows image uploads that are subsequently processed with ImageMagick.
Exploit code for this vulnerability is publicly available, and according to the ImageTragick website, this vulnerability is already being exploited in the wild.
An unauthenticated remote attacker that can upload crafted image files may be able to execute arbitrary code in the context of the user calling ImageMagick.
Apply an Update
ImageMagick version 6.9.3-10 and 7.0.1-1 have been released to address these issues. Affected users should update to the latest version of ImageMagick as soon as possible.
However, affected users may also apply the following mitigations:
Verify Files and Disable Vulnerable Filters
The researchers suggest that this vulnerability may be mitigated by doing the following:
1. Verify that all image files begin with the expected โmagic bytesโ corresponding to the image file types you support before sending them to ImageMagick for processing.
2. Use a policy file to disable the vulnerable ImageMagick coders.
For more details, please see <https://imagetragick.com/>
250519
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 04, 2016
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 12 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 7.3 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
The ImageTragick website credits Stewie and Nikolay Ermishkin of the Mail.Ru Security Team for discovering these vulnerabilities.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2016-3714 |
---|---|
Date Public: | 2016-05-03 Date First Published: |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.967 High
EPSS
Percentile
99.7%