CVE-2016-3715: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

medium5.5CVSS 3.1

AVLACLPRNUIRSUCNIHAN

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-05-03

Exploited in the wild

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

88 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	graphicsmagick	< graphicsmagick 1.3.24-1 (bookworm)	graphicsmagick 1.3.24-1 (bookworm)
debian	imagemagick	< graphicsmagick 1.3.24-1 (bookworm)	graphicsmagick 1.3.24-1 (bookworm)
graphicsmagick	graphicsmagick	>= 0 < 1.3.24-1	1.3.24-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.24-1	1.3.24-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.24-1	1.3.24-1
graphicsmagick	graphicsmagick	>= 0 < 1.3.24-1	1.3.24-1
imagemagick	imagemagick	< 6.9.3-10	6.9.3-10
imagemagick	imagemagick	—	—
imagemagick	imagemagick	—	—
imagemagick	imagemagick	>= 0 < 8:6.9.6.2+dfsg-2	8:6.9.6.2+dfsg-2
imagemagick	imagemagick	>= 0 < 8:6.9.6.2+dfsg-2	8:6.9.6.2+dfsg-2
imagemagick	imagemagick	>= 0 < 8:6.9.6.2+dfsg-2	8:6.9.6.2+dfsg-2
imagemagick	imagemagick	>= 0 < 8:6.9.6.2+dfsg-2	8:6.9.6.2+dfsg-2
imagemagick	imagemagick	>= 0 < 8:6.7.7.10-6ubuntu3.1	8:6.7.7.10-6ubuntu3.1
imagemagick	imagemagick	>= 0 < 8:6.8.9.9-7ubuntu5.1	8:6.8.9.9-7ubuntu5.1
opensuse	leap	—	—
opensuse	opensuse	—	—
oracle	linux	—	—
oracle	linux	—	—
oracle	solaris	—	—
oracle	solaris	—	—

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

osv8.4HIGH

vulncheck5.5MEDIUM

cisa5.5MEDIUM