Attacker Value: Unknown (0 users assessed)
Exploitability: Unknown (0 users assessed)
User Interaction: Required
Privileges Required: None
Attack Vector: Local

CVE-2016-3718

Disclosure Date: May 05, 2016
Exploited in the Wild

Description

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CVSS V3 Severity and Metrics

Base Score: 5.5 Medium
Impact Score: 3.6
Exploitability Score: 1.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): None

General Information

Vendors

  • canonical,
  • imagemagick,
  • opensuse,
  • oracle,
  • redhat,
  • suse

Products

  • enterprise linux desktop 6.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 6.7,
  • enterprise linux eus 7.2,
  • enterprise linux eus 7.3,
  • enterprise linux eus 7.4,
  • enterprise linux eus 7.5,
  • enterprise linux eus 7.6,
  • enterprise linux eus 7.7,
  • enterprise linux for ibm z systems 6.0 s390x,
  • enterprise linux for ibm z systems 7.0 s390x,
  • enterprise linux for ibm z systems eus 6.7 s390x,
  • enterprise linux for ibm z systems eus 7.2 s390x,
  • enterprise linux for ibm z systems eus 7.3 s390x,
  • enterprise linux for ibm z systems eus 7.4 s390x,
  • enterprise linux for ibm z systems eus 7.5 s390x,
  • enterprise linux for ibm z systems eus 7.6 s390x,
  • enterprise linux for ibm z systems eus 7.7 s390x,
  • enterprise linux for power big endian 6.0 ppc64,
  • enterprise linux for power big endian 7.0 ppc64,
  • enterprise linux for power big endian eus 6.7 ppc64,
  • enterprise linux for power big endian eus 7.2 ppc64,
  • enterprise linux for power big endian eus 7.3 ppc64,
  • enterprise linux for power big endian eus 7.4 ppc64,
  • enterprise linux for power big endian eus 7.5 ppc64,
  • enterprise linux for power big endian eus 7.6 ppc64,
  • enterprise linux for power big endian eus 7.7 ppc64,
  • enterprise linux for power little endian 7.0 ppc64le,
  • enterprise linux for power little endian eus 7.2 ppc64le,
  • enterprise linux for power little endian eus 7.3 ppc64le,
  • enterprise linux for power little endian eus 7.4 ppc64le,
  • enterprise linux for power little endian eus 7.5 ppc64le,
  • enterprise linux for power little endian eus 7.6 ppc64le,
  • enterprise linux for power little endian eus 7.7 ppc64le,
  • enterprise linux hpc node 6.0,
  • enterprise linux hpc node 7.0,
  • enterprise linux hpc node eus 7.2,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.2,
  • enterprise linux server aus 7.3,
  • enterprise linux server aus 7.4,
  • enterprise linux server aus 7.6,
  • enterprise linux server aus 7.7,
  • enterprise linux server from rhui 6.0,
  • enterprise linux server from rhui 7.0,
  • enterprise linux server supplementary eus 6.7z,
  • enterprise linux server tus 7.2,
  • enterprise linux server tus 7.3,
  • enterprise linux server tus 7.6,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 6.0,
  • enterprise linux workstation 7.0,
  • imagemagick,
  • imagemagick 7.0.0-0,
  • imagemagick 7.0.1-0,
  • leap 42.1,
  • linux 6,
  • linux 7,
  • linux enterprise debuginfo 11,
  • linux enterprise desktop 12,
  • linux enterprise server 11,
  • linux enterprise server 12,
  • linux enterprise software development kit 11,
  • linux enterprise software development kit 12,
  • linux enterprise workstation extension 12,
  • manager 2.1,
  • manager proxy 2.1,
  • openstack cloud 5,
  • opensuse 13.2,
  • solaris 10,
  • solaris 11.3,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.10,
  • ubuntu linux 16.04
