The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. (CVE-2016-3715)
Note: This vulnerability is one of the series of vulnerabilities known as ImageTragick.
Impact
Exploiting this vulnerability may result in limited loss of files or folders; however, it is not known to cause significant loss to the BIG-IP system at this time. BIG-IP systems that use a WebAcceleration profile configured with the Image Optimization settings (AAM, WebAccelerator, and Edge Gateway), are vulnerable to this issue. BIG-IQ and Enterprise Manager systems are not vulnerable in their default configuration; however, the vulnerable code exists on these systems and can be made exploitable if themogrify binary is used to perform image optimization remotely.