CVE-2016-3718
ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
84Public Exploits
1Exploited in Wild
YesDecision
Descriptions
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada.
A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images.
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.
ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2016-03-30 CVE Reserved
- 2016-05-05 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2025-02-07 CVE Updated
- 2025-02-07 First Exploit
- 2025-03-30 EPSS Updated
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/05/03/18 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjul2016... | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinap... | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/538378/100/0/threaded | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html | Mailing List |
|
| https://www.imagemagick.org/script/changelog.php | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/39767 | 2025-02-07 |