← back
CVE-2016-3715

CVE-2016-3715

CVSS 5.5 MEDIUMEPSS 75.4%● KEVCWE-552
In short

ImageMagick's EPHEMERAL coder had a flaw that allowed attackers to delete files on a system by uploading a specially crafted image. This is dangerous because it could lead to loss of important data or system instability.

Technical detail

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 is vulnerable to arbitrary file deletion via malicious image input. An attacker can craft a specially formatted image file that, when processed by the vulnerable coder, results in deletion of arbitrary files with the privileges of the ImageMagick process. This requires the application to process untrusted image files without proper validation.

Summary generated and translated by AI from the official description.
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/39767/unverifiedexploitdbwww.exploit-db.com/exploits/39767unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLoghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0726.htmlhttps://security.gentoo.org/glsa/201611-21https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3715https://www.exploit-db.com/exploits/39767/https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588https://www.imagemagick.org/script/changelog.php