Gentoo update for ImageMagick
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5010 CVE-2016-5842 CVE-2016-6491 CVE-2016-7799 CVE-2016-7906 |
| CWE-ID | CWE-20 CWE-200 CWE-918 CWE-125 CWE-122 CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Vulnerability #5 is being exploited in the wild. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU5846
Risk: Critical
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2016-3714
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to insufficient filtering for filename passed to delegate's command. A remote attacker can create a specially crafted image containing shell metacharacters, trick the victim into opening it via application using ImageMagick, will trigger an input validation flaw and execute arbitrary shell commands with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Input validation error
EUVDB-ID: #VU5847
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-3715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to delete arbitrary files on the target system.
The weakness exists due to input validation error. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger an error in the ephemeral pseudo-protocol and delete certain files on the affected system.
Successful exploitation of the vulnerability results in deletion of arbitrary files on the vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Security bypass
EUVDB-ID: #VU5848
Risk: Medium
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2016-3716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to the failure to properly prevent file move operations when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening, bypass security mechanism and move certain files on the affected system.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Information disclosure
EUVDB-ID: #VU5849
Risk: Low
CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-3717
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can create a specially crafted image, trick the victim into opening it, generate output files and obtain sensitive information.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Server Side Request Forgery
EUVDB-ID: #VU5850
Risk: High
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2016-3718
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Out-of-bounds read
EUVDB-ID: #VU32203
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-5010
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
MitigationUpdate the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU32211
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-5842
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
MitigationUpdate the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU32212
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-6491
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
MitigationUpdate the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Denial of service
EUVDB-ID: #VU834
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7799
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness exists due to buffer over read caused by malicious file and allowing attackers to cause the affected application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Arbitrary code execution
EUVDB-ID: #VU835
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7906
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness exists due to use after free caused by a specially crafted image and letting attackers to execute arbitrary code or cause the application crash.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Update the affected packages.
media-gfx/imagemagick to version: 6.9.6.2
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/
https://security.gentoo.org/glsa/201611-21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
