vulnrichmentRedhatVULNRICHMENT:CVE-2016-3714
HistoryMay 05, 2016 - 6:00 p.m.

CVE-2016-3714

2016-05-05 18:00:00
redhat
github.com
1

AI Score

7.9

Confidence

Low

EPSS

0.974

Percentile

99.9%

SSVC

Exploitation

active

Automatable

yes

Technical Impact

total

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka “ImageTragick.”

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*"
    ],
    "vendor": "imagemagick",
    "product": "imagemagick",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "6.9.3-9"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*"
    ],
    "vendor": "imagemagick",
    "product": "imagemagick",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0-0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*"
    ],
    "vendor": "imagemagick",
    "product": "imagemagick",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1-0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
      "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
      "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
      "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
    ],
    "vendor": "canonical",
    "product": "ubuntu_linux",
    "versions": [
      {
        "status": "affected",
        "version": "12.04"
      },
      {
        "status": "affected",
        "version": "14.04"
      },
      {
        "status": "affected",
        "version": "15.10"
      },
      {
        "status": "affected",
        "version": "16.04"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
    ],
    "vendor": "debian",
    "product": "debian_linux",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "9.0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
    ],
    "vendor": "opensuse",
    "product": "opensuse",
    "versions": [
      {
        "status": "affected",
        "version": "13.2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
    ],
    "vendor": "opensuse",
    "product": "leap",
    "versions": [
      {
        "status": "affected",
        "version": "42.1"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*"
    ],
    "vendor": "suse",
    "product": "suse_linux_enterprise_server",
    "versions": [
      {
        "status": "affected",
        "version": "12"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References