[3.0] imagemagick: Multiple vulnerabilities (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718)
CVE-2016-3714: Insufficient shell characters filtering
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7)
WIN, and (8) PLT coders
in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote
attackers to execute arbitrary
code via shell metacharacters in a crafted image, aka “ImageTragick.”
References:
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588\#p132726
http://www.openwall.com/lists/oss-security/2016/05/03/18
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3714
CVE-2016-3715: File deletion
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before
7.0.1-1 allows remote attackers
to delete arbitrary files via a crafted image.
References:
http://www.openwall.com/lists/oss-security/2016/05/03/18
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3715
CVE-2016-3716: File moving
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
allows remote attackers
to move arbitrary files via a crafted image.
References:
http://www.openwall.com/lists/oss-security/2016/05/03/18
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3716
CVE-2016-3717: Local file read
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
allows remote attackers
to read arbitrary files via a crafted image.
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-3717
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3717
CVE-2016-3718: SSRF vulnerability
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x
before 7.0.1-1
allow remote attackers to conduct server-side request forgery (SSRF)
attacks via a crafted image.
References:
http://www.openwall.com/lists/oss-security/2016/05/03/18
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3718
(from redmine: issue id 5555, created on 2016-05-10, closed on 2016-06-02)
- Relations:
- parent #5551 (closed)