CVE-2016-3714

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.3-10 ImageMagick versions 7.x prior to 7.0.1-1

Description The issue exists due to insufficient input validation in the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders of the ImageMagick console graphics editor. This allows a remote attacker to execute arbitrary code using metacharacters in a specially crafted image.

Recommendations For ImageMagick versions prior to 6.9.3-10, update to version 6.9.3-10 or later. For ImageMagick versions 7.x prior to 7.0.1-1, update to version 7.0.1-1 or later. As a temporary workaround, consider disabling the vulnerable coders until a patch is available. Restrict access to the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders to minimize the risk of exploitation. Avoid using shell metacharacters in crafted images until the issue is resolved.