CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 7CVE-2016-3714 – ImageMagick Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." Los codificadores (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN y (8) PLT en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos ejecutar código arbitrario a través de metacaracteres shell en una imagen manipulada, también conocido como "ImageTragick". It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. • https://www.exploit-db.com/exploits/39767 https://www.exploit-db.com/exploits/39791 https://github.com/Hood3dRob1n/CVE-2016-3714 https://github.com/jpeanut/ImageTragick-CVE-2016-3714-RShell https://github.com/chusiang/CVE-2016-3714.ansible.role https://github.com/JoshMorrison99/CVE-2016-3714 https://github.com/tommiionfire/CVE-2016-3714 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8716
https://notcve.org/view.php?id=CVE-2014-8716
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). El decodificador JPEG de ImageMagick en versiones anteriores a 6.8.9-9 permite a los usuarios locales provocar una denegación de servicio (acceso a la memoria fuera de límites y caída). • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 http://www.securityfocus.com/bid/70992 https://bugzilla.redhat.com/show_bug.cgi?id=1164248 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8561
https://notcve.org/view.php?id=CVE-2014-8561
imagemagick 6.8.9.6 has remote DOS via infinite loop imagemagick versión 6.8.9.6, tiene una vulnerabilidad de DOS remota por medio de un bucle infinito. • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html http://seclists.org/fulldisclosure/2014/Nov/1 http://www.openwall.com/lists/oss-security/2014/10/31/3 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-8561 https://security-tracker.debian.org/tracker/CVE-2014-8561 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8355
https://notcve.org/view.php?id=CVE-2014-8355
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). El código parser PCX en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (fuera de los límites de lectura). • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html http://www.securityfocus.com/bid/70839 https://bugzilla.redhat.com/show_bug.cgi?id=1158523 https://int21.de/cve/CVE-2014-8355-ImageMagick-pcx-oob-heap-overflow.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8562
https://notcve.org/view.php?id=CVE-2014-8562
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). La decodificación de DCM en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites). • http://www.securityfocus.com/bid/70837 https://bugzilla.redhat.com/show_bug.cgi?id=1159362 https://int21.de/cve/CVE-2014-8562-ImageMagick-dcm-oob-heap-overflow.html https://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-125: Out-of-bounds Read •