Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Gentoo FoundationGLSA-201611-21

HistoryNov 30, 2016 - 12:00 a.m.

ImageMagick: Multiple vulnerabilities

2016-11-3000:00:00

Gentoo Foundation

security.gentoo.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Background

ImageMagick is a collection of tools and libraries for many image formats.

Description

Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-gfx/imagemagick-6.9.6.2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/imagemagick< 6.9.6.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-gfx/imagemagick	< 6.9.6.2	UNKNOWN

nessus 34

openvas 26

f5 10

osv 7

debian 10

slackware 2

centos 1

amazon 1

suse 6

exploitpack 1

redhat 1

altlinux 1

oraclelinux 2

mageia 2

freebsd 1

seebug 2

zdt 1

cloudfoundry 2

ubuntu 2

exploitdb 2

archlinux 3

attackerkb 2

redhatcve 10

ubuntucve 10

prion 10

alpinelinux 5

debiancve 10

cve 10

veracode 9

checkpoint_advisories 6

packetstorm 1

threatpost 2

hackerone 1

cert 1

thn 1

myhack58 1

symantec 1

cisa_kev 2

nessus

GLSA-201611-21 : ImageMagick: Multiple vulnerabilities (ImageTragick)

2016-12-01 00:00:00

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2016:1275-1) (ImageTragick)

2016-05-13 00:00:00

Debian DLA-486-1 : imagemagick security update (ImageTragick)

2016-05-23 00:00:00

openvas

Debian Security Advisory DSA 3580-1 (imagemagick - security update)

2016-05-16 00:00:00

Amazon Linux: Security Advisory (ALAS-2016-699)

2016-10-26 00:00:00

CentOS Update for ImageMagick CESA-2016:0726 centos7

2016-05-10 00:00:00

SOL03151140 - ImageMagick vulnerability CVE-2016-3714

2016-05-09 00:00:00

SOL10550253 - ImageMagick vulnerability CVE-2016-3715

2016-05-13 00:00:00

SOL25102203 - ImageMagick vulnerability CVE-2016-3716

2016-05-13 00:00:00

osv

imagemagick - security update

2016-05-16 00:00:00

imagemagick - security update

2016-05-23 00:00:00

graphicsmagick - security update

2016-05-21 00:00:00

debian

[SECURITY] [DSA 3580-1] imagemagick security update

2016-05-16 17:37:08

[SECURITY] [DSA 3580-1] imagemagick security update

2016-05-16 17:37:08

[SECURITY] [DLA 486-1] imagemagick security update

2016-05-23 02:34:38

slackware

[slackware-security] imagemagick

2016-05-11 06:33:30

[slackware-security] imagemagick

2016-05-11 06:33:30

centos

ImageMagick security update

2016-05-09 17:51:59

amazon

Important: ImageMagick

2016-05-11 11:00:00

suse

Security update for ImageMagick (important)

2016-05-07 13:08:32

Security update for ImageMagick (important)

2016-05-07 14:07:41

Security update for ImageMagick (important)

2016-05-11 17:08:09

exploitpack

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities

2016-05-04 00:00:00

redhat

(RHSA-2016:0726) Important: ImageMagick security update

2016-05-09 16:56:15

altlinux

Security fix for the ALT Linux 7 package ImageMagick version 6.8.4.10-alt3.M70P.1

2016-05-20 00:00:00

oraclelinux

ImageMagick security update

2016-05-09 00:00:00

ImageMagick security update

2016-06-16 00:00:00

mageia

Updated imagemagick/ruby-rmagic packages fix security vulnerability

2016-05-20 14:38:30

Updated imagemagick packages fix security vulnerabilities

2016-07-19 15:47:11

freebsd

ImageMagick -- multiple vulnerabilities

2016-05-03 00:00:00

seebug

ImageMagick 命令执行漏洞 (ImageTragick)

2016-05-04 00:00:00

Wordpress 4.5.1 Remote Command Execute

2016-05-05 00:00:00

zdt

ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)

2016-05-04 00:00:00

cloudfoundry

USN-2990-1 ImageMagick vulnerability (a.k.a. ImageTragick) | Cloud Foundry

2016-06-13 00:00:00

USN-3142-1: ImageMagick vulnerabilities | Cloud Foundry

2016-12-27 00:00:00

ubuntu

ImageMagick vulnerabilities

2016-06-02 00:00:00

ImageMagick vulnerabilities

2016-11-30 00:00:00

exploitdb

ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

2016-05-04 00:00:00

ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)

2016-05-09 00:00:00

archlinux

[ASA-201610-6] imagemagick: multiple issues

2016-10-08 00:00:00

imagemagick: information leakage

2016-07-29 00:00:00

imagemagick: arbitrary code execution

2016-05-05 00:00:00

attackerkb

CVE-2016-3718

2016-05-05 00:00:00

CVE-2016-3715

2016-05-05 00:00:00

redhatcve

CVE-2016-7906

2016-10-03 09:18:08

CVE-2016-3718

2016-05-04 07:18:51

CVE-2016-3716

2016-05-03 15:49:02

ubuntucve

CVE-2016-7906

2016-10-04 00:00:00

CVE-2016-7799

2016-10-04 00:00:00

CVE-2016-3716

2016-05-05 00:00:00

prion

Design/Logic Flaw

2017-01-18 17:59:00

Out-of-bounds

2017-01-18 17:59:00

Code injection

2016-05-05 18:59:00

alpinelinux

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-7799

2017-01-18 17:59:00

CVE-2016-6491

2016-12-13 15:59:00

debiancve

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-3717

2016-05-05 18:59:00

CVE-2016-3716

2016-05-05 18:59:00

cve

CVE-2016-7906

2017-01-18 17:59:00

CVE-2016-7799

2017-01-18 17:59:00

CVE-2016-3716

2016-05-05 18:59:00

veracode

Server-Side Request Forgery (SSRF)

2017-02-01 07:03:28

Information Disclosure

2017-02-01 07:28:18

Arbitrary File Moving

2017-02-01 08:02:13

checkpoint_advisories

ImageMagick Unauthorized File Moving (CVE-2016-3716)

2016-06-29 00:00:00

ImageMagick Server Side Request Forgery (CVE-2016-3718)

2016-06-29 00:00:00

ImageMagick Insufficient Character Filtering Remote Code Execution (CVE-2016-3714)

2016-06-30 00:00:00

packetstorm

ImageMagick Delegate Arbitrary Command Execution

2016-05-06 00:00:00

threatpost

Public Exploits Available for ImageMagick Vulnerabilities

2016-05-04 12:17:05

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

2019-06-25 22:47:50

hackerone

Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)

2016-04-21 00:00:00

cert

ImageMagick does not properly validate input before processing images using a delegate

2016-05-04 00:00:00

thn

Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution

2016-05-03 22:59:00

myhack58

How to pass the command injection vulnerability fix Yahoo subsidiary production servers-vulnerability warning-the black bar safety net

2017-06-06 00:00:00

symantec

SA151: ImageMagick RCE Vulnerability (ImageTragick)

2017-07-05 08:00:00

cisa_kev

ImageMagick Arbitrary File Deletion Vulnerability

2021-11-03 00:00:00

ImageMagick Server-Side Request Forgery (SSRF) Vulnerability

2021-11-03 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Related for GLSA-201611-21