Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2016-5118

Disclosure Date: June 10, 2016
CVE-2016-5118 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • graphicsmagick,
  • imagemagick,
  • opensuse,
  • oracle,
  • suse

Products

  • debian linux 8.0,
  • graphicsmagick,
  • imagemagick -,
  • leap 42.1,
  • linux 6,
  • linux 7,
  • linux enterprise debuginfo 11,
  • linux enterprise desktop 12,
  • linux enterprise desktop 12.0,
  • linux enterprise server 12,
  • linux enterprise server 12.0,
  • linux enterprise software development kit 11,
  • linux enterprise software development kit 12,
  • linux enterprise software development kit 12.0,
  • linux enterprise workstation extension 12,
  • opensuse 13.2,
  • solaris 10,
  • solaris 11.3,
  • studio onsite 1.3,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.10,
  • ubuntu linux 16.04

References

Canonical
CVE-2016-5118 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118)
BID-90938 (http://www.securityfocus.com/bid/90938)
Advisory
https://access.redhat.com/errata/RHSA-2016:1237
SECTRACK-1035985 (http://www.securitytracker.com/id/1035985)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
SECTRACK-1035984 (http://www.securitytracker.com/id/1035984)
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
[oss-security] 20160529 Re: CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename (http://www.openwall.com/lists/oss-security/2016/05/30/1)
USN-2990-1 (http://www.ubuntu.com/usn/USN-2990-1)
DSA-3591 (http://www.debian.org/security/2016/dsa-3591)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
DSA-3746 (http://www.debian.org/security/2016/dsa-3746)
[oss-security] 20160529 CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename (http://www.openwall.com/lists/oss-security/2016/05/29/7)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
Miscellaneous
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis