CVE-2016-3718

Name of the Vulnerable Software and Affected Versions ImageMagick versions 6.9.3-10 and earlier ImageMagick versions 7.x prior to 7.0.1-1

Description The issue is related to the implementation of the HTTP and FTP protocols in ImageMagick, which allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. This is due to insufficient authentication of executed requests. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For ImageMagick versions 6.9.3-10 and earlier, update to version 6.9.3-10 or later. For ImageMagick versions 7.x prior to 7.0.1-1, update to version 7.0.1-1 or later. As a temporary workaround, consider restricting access to the HTTP and FTP coders until a patch is available.