CVE-2016-3718 vulnerability in Canonical and Other Products
Published on May 5, 2016
Known Exploited Vulnerability
This ImageMagick SSRF Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
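Besides updating, the HTTP and FTP coders named above can be switched off through ImageMagick's security policy so that a crafted image cannot make the server fetch remote URLs. The policy below is an added example, not part of this advisory or of ImageMagick's shipped defaults; it assumes the policy file lives at the distribution's usual location (/etc/ImageMagick-6/policy.xml on Ubuntu) and, going beyond the two coders the CVE text names, also disables the related HTTPS and URL coders, which share the same remote-fetch code path.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
  <!ELEMENT policymap (policy)*>
  <!ATTLIST policy domain (coder|delegate|path|resource|system) #IMPLIED>
  <!ATTLIST policy rights CDATA #IMPLIED>
  <!ATTLIST policy pattern CDATA #IMPLIED>
]>
<!-- Added example policy for mitigating CVE-2016-3718 (SSRF via the
     HTTP/FTP coders). Assumed location: /etc/ImageMagick-6/policy.xml.
     Each entry denies all rights ("none") for one coder, so any image
     that references, e.g., ftp://... or http://... is refused instead of
     triggering an outbound request from the server. -->
<policymap>
  <!-- The two coders named in the CVE description -->
  <policy domain="coder" rights="none" pattern="HTTP" />
  <policy domain="coder" rights="none" pattern="FTP" />
  <!-- Assumption beyond the page: HTTPS and URL use the same fetch path -->
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="URL" />
</policymap>
```

After installing the file, `convert -list policy` prints the active policy, so the four coder entries should appear in its output; a conversion of an image that references an http:// or ftp:// resource then fails with a "not authorized" error rather than contacting the remote host.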
Vulnerability Analysis
CVE-2016-3718 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2016-3718
What versions are vulnerable to CVE-2016-3718?
- Canonical Ubuntu Linux Version 12.04
- Canonical Ubuntu Linux Version 16.04
- Canonical Ubuntu Linux Version 15.10
- Canonical Ubuntu Linux Version 14.04
- ImageMagick Version 7.0.0-0
- ImageMagick Up to Version 6.9.3-9
- ImageMagick Version 7.0.1-0
- Red Hat Enterprise Linux Server Supplementary EUS Version 6.7z
- Red Hat Enterprise Linux Desktop Version 7.0
- Red Hat Enterprise Linux Server AUS Version 7.2
- Red Hat Enterprise Linux Workstation Version 7.0
- Red Hat Enterprise Linux Server Version 7.0
- Red Hat Enterprise Linux HPC Node Version 6.0
- Red Hat Enterprise Linux HPC Node Version 7.0
- Red Hat Enterprise Linux Server EUS Version 7.2
- Red Hat Enterprise Linux Desktop Version 6.0
- Red Hat Enterprise Linux HPC Node EUS Version 7.2
- Red Hat Enterprise Linux Server Version 6.0
- Red Hat Enterprise Linux Workstation Version 6.0