Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity: 5.5 MEDIUM
EPSS: 33.7% (top 3.06%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 5; latest update May 14

Description

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (7 packages)

- Debian imagemagick < 8:6.9.6.2+dfsg-2+3
- Debian graphicsmagick < 1.3.24-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 6.7z

🔴 Vulnerability Details (4)

- GHSA: GHSA-cc28-64rq-q7jg: The LABEL coder in ImageMagick before 6... (2022-05-14)
- OSV: imagemagick vulnerabilities (2016-06-02)
- OSV: CVE-2016-3717: The LABEL coder in ImageMagick before 6... (2016-05-05)
- CVEList: CVE-2016-3717: The LABEL coder in ImageMagick before 6... (2016-05-05)

💥 Exploits & PoCs (1)

- Exploit-DB: ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick' Multiple Vulnerabilities (2016-05-04)

🔍 Detection Rules (1)

- Suricata: ET WEB_SERVER ImageMagick CVE-2016-3717 Local File Read Inbound (label: + mvg) (2016-05-04)

📋 Vendor Advisories (3)

- Ubuntu: ImageMagick vulnerabilities (2016-06-02)
- Red Hat: ImageMagick: Local file read (2016-05-03)
- Debian: CVE-2016-3717: graphicsmagick - The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows rem... (2016)

💬 Community (2)

- Bugzilla: CVE-2016-3717 ImageMagick: Local file read (2016-05-03)
- Bugzilla: CVE-2016-3717 ImageMagick: Local file read [fedora-all] (2016-05-03)
CVE-2016-3717 (MEDIUM CVSS 5.5) | The LABEL coder in ImageMagick befo | cvebase.io