Vulnerability CVE-2016-3716: Information

Description

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-3716

Published: May 5, 2016

Modified: Feb. 13, 2023

Error type identifier: CWE-264

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
ImageMagick	sisyphus	6.9.3.10-alt1	7.1.1.27-alt1	ALT-PU-2016-1456-1	164369	Fixed
ImageMagick	p10	6.9.3.10-alt1	6.9.12.93-alt1	ALT-PU-2016-1456-1	164369	Fixed
ImageMagick	p9	6.9.3.10-alt1	6.9.11.23-alt1	ALT-PU-2016-1456-1	164369	Fixed
ImageMagick	p8	6.9.3.10-alt1	6.9.4.7-alt2.M80P.1	ALT-PU-2016-1459-1	164370	Fixed
ImageMagick	c10f1	6.9.3.10-alt1	6.9.12.93-alt1	ALT-PU-2016-1456-1	164369	Fixed
ImageMagick	c9f2	6.9.3.10-alt1	6.9.12.93-alt1	ALT-PU-2016-1456-1	164369	Fixed
ImageMagick	c7	6.8.4.10-alt3.M70C.1	6.8.4.10-alt3.M70C.1	ALT-PU-2016-1530-1	164972	Fixed

Hyperlink	Resource
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588	Vendor Advisory
https://www.imagemagick.org/script/changelog.php	Vendor Advisory
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog	Patch Vendor Advisory
[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714	Exploit
USN-2990-1	Third Party Advisory
RHSA-2016:0726	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
SUSE-SU-2016:1275
openSUSE-SU-2016:1261
SUSE-SU-2016:1260
DSA-3580
SSA:2016-132-01
openSUSE-SU-2016:1266
GLSA-201611-21
39767
[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update
20160513 May 2016 - HipChat Server - Critical Security Advisory

Version: v24.4.2