PT-2016-2220 · Imagemagick+5 · Imagemagick+5

Nikolay Ermishkin

Publicado

2016-05-05

Atualizado

2025-04-02

CVE-2016-3715

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.3-10 ImageMagick versions 7.x prior to 7.0.1-1

Description The issue is related to insufficient access control in the EPHEMERAL coder of the ImageMagick console graphic editor. It allows a remote attacker to delete arbitrary files using a specially crafted image.

Recommendations For ImageMagick versions prior to 6.9.3-10, update to version 6.9.3-10 or later. For ImageMagick versions 7.x prior to 7.0.1-1, update to version 7.0.1-1 or later. As a temporary workaround, consider restricting access to the EPHEMERAL coder until a patch is available.

Exploit

Correção

Files Accessible to External Parties

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-552CWE-284

Identificadores relacionados

ALT-PU-2016-1456

BDU:2016-01573

CESA-2016_0726

CVE-2016-3715

DLA-484-1

DLA-486-1

DSA-3580-1

DSA-3746-1

MGASA-2016-0188

OPENSUSE-SU-2016_1261-1

OPENSUSE-SU-2016_1266-1

OPENSUSE-SU-2016_1326-1

OPENSUSE-SU-2024:10040-1

OPENSUSE-SU-2024:10505-1

RHSA-2016:0726

RHSA-2016_0726

SUSE-SU-2016:1260-1

SUSE-SU-2016:1275-1

SUSE-SU-2016:1276-1

USN-2990-1

Produtos afetados

Alt Linux

Centos

Imagemagick

Red Hat

Suse

Ubuntu

PT-2016-2220 · Imagemagick+5 · Imagemagick+5

CVE-2016-3715

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 77