CVE-2016-3715 vulnerability in Red Hat and Other Products
Published on May 5, 2016
Known Exploited Vulnerability
This ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2016-3715 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2016-3715 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2016-3715
You can be notified by stack.watch whenever vulnerabilities like CVE-2016-3715 are published in these products:
What versions are vulnerable to CVE-2016-3715?
- Red Hat Enterprise Linux Server Supplementary Eus Version 6.7z
- Red Hat Enterprise Linux Desktop Version 7.0
- Red Hat Enterprise Linux Server Aus Version 7.2
- Red Hat Enterprise Linux Workstation Version 7.0
- Red Hat Enterprise Linux Server Version 7.0
- Red Hat Enterprise Linux Hpc Node Version 6.0
- Red Hat Enterprise Linux Hpc Node Version 7.0
- Red Hat Enterprise Linux Server Eus Version 7.2
- Red Hat Enterprise Linux Desktop Version 6.0
- Red Hat Enterprise Linux Hpc Node Eus Version 7.2
- Red Hat Enterprise Linux Server Version 6.0
- Red Hat Enterprise Linux Workstation Version 6.0
- ImageMagick Version 7.0.0-0
- ImageMagick Up to Version 6.9.3-9
- ImageMagick Version 7.0.1-0
- Canonical Ubuntu Linux Version 12.04
- Canonical Ubuntu Linux Version 16.04
- Canonical Ubuntu Linux Version 15.10
- Canonical Ubuntu Linux Version 14.04