Lucene search

[email protected]CVE-2016-3715

HistoryMay 05, 2016 - 6:59 p.m.

CVE-2016-3715

2016-05-0518:59:04

CWE-284

[email protected]

web.nvd.nist.gov

915

In Wild

cve-2016-3715

imagemagick

ephemeral coder

remote attackers

file deletion

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch6.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.2

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_server_supplementary_eusMatch6.7z

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

imagemagickimagemagickRange≤6.9.3-9

imagemagickimagemagickMatch7.0.0-0

imagemagickimagemagickMatch7.0.1-0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

canonicalubuntu_linuxMatch16.04lts

CPENameOperatorVersion
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq6.0
redhat:enterprise_linux_hpc_noderedhat enterprise linux hpc nodeeq7.0
redhat:enterprise_linux_hpc_node_eusredhat enterprise linux hpc node euseq7.2
redhat:enterprise_linux_serverredhat enterprise linux servereq6.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_server_ausredhat enterprise linux server auseq7.2
redhat:enterprise_linux_server_eusredhat enterprise linux server euseq7.2
redhat:enterprise_linux_server_supplementary_eusredhat enterprise linux server supplementary euseq6.7z

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	6.0
redhat:enterprise_linux_hpc_node	redhat enterprise linux hpc node	eq	7.0
redhat:enterprise_linux_hpc_node_eus	redhat enterprise linux hpc node eus	eq	7.2
redhat:enterprise_linux_server	redhat enterprise linux server	eq	6.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_server_aus	redhat enterprise linux server aus	eq	7.2
redhat:enterprise_linux_server_eus	redhat enterprise linux server eus	eq	7.2
redhat:enterprise_linux_server_supplementary_eus	redhat enterprise linux server supplementary eus	eq	6.7z