History: May 05, 2016 - 6:59 p.m.

CVE-2016-3715

2016-05-05 18:59:04
redhat
web.nvd.nist.gov
932
In Wild
2
cve-2016-3715
imagemagick
ephemeral coder
remote attackers
file deletion
nvd

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score: 6.3
Confidence: High

EPSS: 0.818
Percentile: 98.4%

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Affected configurations

Nvd
Node (entries joined by OR)
redhat enterprise_linux_desktop Match 6.0
redhat enterprise_linux_desktop Match 7.0
redhat enterprise_linux_eus Match 6.7
redhat enterprise_linux_eus Match 7.2
redhat enterprise_linux_eus Match 7.3
redhat enterprise_linux_eus Match 7.4
redhat enterprise_linux_eus Match 7.5
redhat enterprise_linux_eus Match 7.6
redhat enterprise_linux_eus Match 7.7
redhat enterprise_linux_for_ibm_z_systems Match 6.0_s390x
redhat enterprise_linux_for_ibm_z_systems Match 7.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 6.7_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.3_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.4_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.5_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.6_s390x
redhat enterprise_linux_for_ibm_z_systems_eus Match 7.7_s390x
redhat enterprise_linux_for_power_big_endian Match 6.0_ppc64
redhat enterprise_linux_for_power_big_endian Match 7.0_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 6.7_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.4_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus Match 7.7_ppc64
redhat enterprise_linux_for_power_little_endian Match 7.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.3_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.4_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.5_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.6_ppc64le
redhat enterprise_linux_for_power_little_endian_eus Match 7.7_ppc64le
redhat enterprise_linux_hpc_node Match 6.0
redhat enterprise_linux_hpc_node Match 7.0
redhat enterprise_linux_hpc_node_eus Match 7.2
redhat enterprise_linux_server Match 6.0
redhat enterprise_linux_server Match 7.0
redhat enterprise_linux_server_aus Match 7.2
redhat enterprise_linux_server_aus Match 7.3
redhat enterprise_linux_server_aus Match 7.4
redhat enterprise_linux_server_aus Match 7.6
redhat enterprise_linux_server_aus Match 7.7
redhat enterprise_linux_server_from_rhui Match 6.0
redhat enterprise_linux_server_from_rhui Match 7.0
redhat enterprise_linux_server_supplementary_eus Match 6.7z
redhat enterprise_linux_server_tus Match 7.2
redhat enterprise_linux_server_tus Match 7.3
redhat enterprise_linux_server_tus Match 7.6
redhat enterprise_linux_server_tus Match 7.7
redhat enterprise_linux_workstation Match 6.0
redhat enterprise_linux_workstation Match 7.0

Node (entries joined by OR)
imagemagick imagemagick Range <6.9.3-10
imagemagick imagemagick Match 7.0.0-0
imagemagick imagemagick Match 7.0.1-0

Node (entries joined by OR)
canonical ubuntu_linux Match 12.04lts
canonical ubuntu_linux Match 14.04esm
canonical ubuntu_linux Match 15.10
canonical ubuntu_linux Match 16.04esm

Node (entries joined by OR)
oracle linux Match 6-
oracle linux Match 7-
oracle solaris Match 10
oracle solaris Match 11.3

Node (entries joined by OR)
suse linux_enterprise_debuginfo Match 11sp2
suse linux_enterprise_debuginfo Match 11sp3
suse linux_enterprise_debuginfo Match 11sp4
suse manager Match 2.1
suse manager_proxy Match 2.1
suse openstack_cloud Match 5
opensuse leap Match 42.1
opensuse opensuse Match 13.2
suse linux_enterprise_desktop Match 12-
suse linux_enterprise_desktop Match 12sp1
suse linux_enterprise_server Match 11sp2ltss
suse linux_enterprise_server Match 11sp3ltss
suse linux_enterprise_server Match 11sp4
suse linux_enterprise_server Match 12-
suse linux_enterprise_server Match 12sp1
suse linux_enterprise_software_development_kit Match 11sp4
suse linux_enterprise_software_development_kit Match 12-
suse linux_enterprise_software_development_kit Match 12sp1
suse linux_enterprise_workstation_extension Match 12-
suse linux_enterprise_workstation_extension Match 12sp1

Vendor | Product | Version | CPE
redhat | enterprise_linux_server_aus | 7.6 | cpe:/o:redhat:enterprise_linux_server_aus:7.6:::
redhat | enterprise_linux_hpc_node | 7.0 | cpe:/o:redhat:enterprise_linux_hpc_node:7.0:::
redhat | enterprise_linux_for_power_little_endian_eus | 7.4+ppc64le | cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:7.4+ppc64le:::
redhat | enterprise_linux_for_ibm_z_systems_eus | 7.4+s390x | cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4+s390x:::
redhat | enterprise_linux_eus | 7.3 | cpe:/o:redhat:enterprise_linux_eus:7.3:::
redhat | enterprise_linux_desktop | 6.0 | cpe:/o:redhat:enterprise_linux_desktop:6.0:::
redhat | enterprise_linux_for_ibm_z_systems_eus | 7.3+s390x | cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3+s390x:::
redhat | enterprise_linux_eus | 7.4 | cpe:/o:redhat:enterprise_linux_eus:7.4:::
redhat | enterprise_linux_server_supplementary_eus | 6.7z | cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z:::
redhat | enterprise_linux_server_tus | 7.3 | cpe:/o:redhat:enterprise_linux_server_tus:7.3:::