PT-2017-2442 · Imagemagick+4 · Imagemagick+4

Publicado

2016-05-06

Atualizado

2018-08-04

CVE-2016-5239

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.4-0 GraphicsMagick (affected versions not specified)

Description The issue is related to the gnuplot delegate functionality in ImageMagick and GraphicsMagick, which allows remote attackers to execute arbitrary commands via unspecified vectors. This is due to inadequate access control in the gnuplot component of the console graphic editor.

Recommendations For ImageMagick versions prior to 6.9.4-0, update to version 6.9.4-0 or later to resolve the issue. For GraphicsMagick, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2016-1456

BDU:2017-01647

CESA-2016_1237

CVE-2016-5239

DLA-1456-1

DLA-484-1

DLA-486-1

DSA-3580-1

RHSA-2016:1237

RHSA-2016_1237

Produtos afetados

Alt Linux

Centos

Graphicsmagick

Imagemagick

Red Hat

PT-2017-2442 · Imagemagick+4 · Imagemagick+4

CVE-2016-5239

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23