Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

Gentoo FoundationGLSA-201611-21

HistoryNov 30, 2016 - 12:00 a.m.

Vulners
/
Gentoo
/
ImageMagick: Multiple vulnerabilities

ImageMagick: Multiple vulnerabilities

2016-11-3000:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

JSON

Background

ImageMagick is a collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.6.2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/imagemagick< 6.9.6.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-gfx/imagemagick	< 6.9.6.2	UNKNOWN

nessus 31

f5 9

slackware 2

amazon 1

openvas 26

centos 1

suse 6

redhat 1

exploitpack 1

altlinux 1

freebsd 1

mageia 1

exploitdb 2

oraclelinux 2

seebug 2

zdt 2

debian 6

osv 7

cloudfoundry 2

ubuntu 2

archlinux 3

attackerkb 3

redhatcve 8

cvelist 8

ubuntucve 8

debiancve 9

alpinelinux 4

prion 9

nvd 9

cve 8

checkpoint_advisories 5

veracode 7

cisa_kev 3

thn 1

symantec 1

vulnrichment 1

myhack58 1

packetstorm 1

hackerone 1

threatpost 2

cert 1

nessus

GLSA-201611-21 : ImageMagick: Multiple vulnerabilities (ImageTragick)

2016-12-01 00:00:00

openSUSE Security Update : ImageMagick (openSUSE-2016-569) (ImageTragick)

2016-05-09 00:00:00

openSUSE Security Update : ImageMagick (openSUSE-2016-574) (ImageTragick)

2016-05-09 00:00:00

SOL10550253 - ImageMagick vulnerability CVE-2016-3715

2016-05-13 00:00:00

SOL25102203 - ImageMagick vulnerability CVE-2016-3716

2016-05-13 00:00:00

SOL29154575 - ImageMagick vulnerability CVE-2016-3717

2016-05-13 00:00:00

slackware

[slackware-security] imagemagick

2016-05-11 06:33:30

[slackware-security] imagemagick

2016-05-11 06:33:30

amazon

Important: ImageMagick

2016-05-11 11:00:00

openvas

RedHat Update for ImageMagick RHSA-2016:0726-01

2016-05-10 00:00:00

CentOS Update for ImageMagick CESA-2016:0726 centos7

2016-05-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:1275-1)

2021-06-09 00:00:00

centos

ImageMagick security update

2016-05-09 17:51:59

suse

Security update for ImageMagick (important)

2016-05-07 13:08:32

Security update for ImageMagick (important)

2016-05-07 14:07:41

Security update for ImageMagick (important)

2016-05-11 17:08:09

redhat

(RHSA-2016:0726) Important: ImageMagick security update

2016-05-09 16:56:15

exploitpack

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities

2016-05-04 00:00:00

altlinux

Security fix for the ALT Linux 7 package ImageMagick version 6.8.4.10-alt3.M70P.1

2016-05-20 00:00:00

freebsd

ImageMagick -- multiple vulnerabilities

2016-05-03 00:00:00

mageia

Updated imagemagick/ruby-rmagic packages fix security vulnerability

2016-05-20 14:38:30

exploitdb

ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

2016-05-04 00:00:00

ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)

2016-05-09 00:00:00

oraclelinux

ImageMagick security update

2016-05-09 00:00:00

ImageMagick security update

2016-06-16 00:00:00

seebug

ImageMagick 命令执行漏洞 (ImageTragick)

2016-05-04 00:00:00

Wordpress 4.5.1 Remote Command Execute

2016-05-05 00:00:00

zdt

ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)

2016-05-04 00:00:00

ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)

2016-05-09 00:00:00

debian

[SECURITY] [DLA 486-1] imagemagick security update

2016-05-23 02:34:38

[SECURITY] [DSA 3580-1] imagemagick security update

2016-05-16 17:37:08

[SECURITY] [DSA 3580-1] imagemagick security update

2016-05-16 17:37:08

osv

imagemagick - security update

2016-05-16 00:00:00

imagemagick - security update

2016-05-23 00:00:00

graphicsmagick - security update

2016-05-21 00:00:00

cloudfoundry

USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry

2016-06-13 00:00:00

USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry

2016-12-27 00:00:00

ubuntu

ImageMagick vulnerabilities

2016-06-02 00:00:00

ImageMagick vulnerabilities

2016-11-30 00:00:00

archlinux

[ASA-201610-6] imagemagick: multiple issues

2016-10-08 00:00:00

imagemagick: information leakage

2016-07-29 00:00:00

imagemagick: arbitrary code execution

2016-05-05 00:00:00

attackerkb

CVE-2016-3715

2016-05-05 00:00:00

CVE-2016-3718

2016-05-05 00:00:00

CVE-2016-3714

2016-05-05 00:00:00

redhatcve

CVE-2016-7906

2016-10-03 09:18:08

CVE-2016-3716

2016-05-03 15:49:02

CVE-2016-6491

2016-07-29 07:48:21

cvelist

CVE-2016-7906

2017-01-18 17:00:00

CVE-2016-6491

2016-12-13 15:00:00

CVE-2016-3716

2016-05-05 18:00:00

ubuntucve

CVE-2016-7906

2016-10-04 00:00:00

CVE-2016-7799

2016-10-04 00:00:00

CVE-2016-3716

2016-05-05 00:00:00

debiancve

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-7799

2017-01-18 17:59:00

CVE-2016-3717

2016-05-05 18:59:07

alpinelinux

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-7799

2017-01-18 17:59:00

CVE-2016-6491

2016-12-13 15:59:09

prion

Design/Logic Flaw

2017-01-18 17:59:00

Out-of-bounds

2017-01-18 17:59:00

Code injection

2016-05-05 18:59:00

nvd

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-3717

2016-05-05 18:59:07

CVE-2016-7799

2017-01-18 17:59:00

cve

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-7799

2017-01-18 17:59:00

CVE-2016-6491

2016-12-13 15:59:09

checkpoint_advisories

ImageMagick Pseudo Protocol Use Local Information Disclosure (CVE-2016-3717)

2016-06-29 00:00:00

ImageMagick SyncExifProfile Out Of Bounds Array Indexing (CVE-2016-7799)

2017-01-04 00:00:00

ImageMagick Server Side Request Forgery (CVE-2016-3718)

2016-06-29 00:00:00

veracode

Information Disclosure

2017-02-01 07:28:18

Server-Side Request Forgery (SSRF)

2017-02-01 07:03:28

Arbitrary File Moving

2017-02-01 08:02:13

cisa_kev

ImageMagick Improper Input Validation Vulnerability

2024-09-09 00:00:00

ImageMagick Server-Side Request Forgery (SSRF) Vulnerability

2021-11-03 00:00:00

ImageMagick Arbitrary File Deletion Vulnerability

2021-11-03 00:00:00

thn

Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution

2016-05-03 22:59:00

symantec

SA151: ImageMagick RCE Vulnerability (ImageTragick)

2017-07-05 08:00:00

vulnrichment

CVE-2016-3714

2016-05-05 18:00:00

myhack58

How to pass the command injection vulnerability fix Yahoo subsidiary production servers-vulnerability warning-the black bar safety net

2017-06-06 00:00:00

packetstorm

ImageMagick Delegate Arbitrary Command Execution

2016-05-06 00:00:00

hackerone

Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)

2016-04-21 00:00:00

threatpost

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

2019-06-25 22:47:50

Public Exploits Available for ImageMagick Vulnerabilities

2016-05-04 12:17:05

cert

ImageMagick does not properly validate input before processing images using a delegate

2016-05-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

JSON

Related for GLSA-201611-21