redhat enterprise-linux-server-supplementary-eus CVE-2016-3715 vulnerability in Red Hat and Other Products
Published on May 5, 2016

product logo product logo product logo
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Vendor Advisory NVD

Known Exploited Vulnerability

This ImageMagick Ephemeral Coder Arbitrary File Deletion Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2016-3715 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2016-3715 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2016-3715

You can be notified by stack.watch whenever vulnerabilities like CVE-2016-3715 are published in these products:

Red Hat Enterprise Linux Server Supplementary Eus
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Workstation
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Hpc Node
 
Red Hat Enterprise Linux Server Eus
 
Red Hat Enterprise Linux Hpc Node Eus
 
ImageMagick
 
Canonical Ubuntu Linux
 

What versions are vulnerable to CVE-2016-3715?