Vulnerability details: VCID-5kqx-t8q9-mff5
Vulnerability ID VCID-5kqx-t8q9-mff5
Aliases CVE-2016-3718
Summary
Status Published
Exploitability 2.0
Weighted Severity 5.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3.1 5.5 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
ssvc Track http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
cvssv3.1 5.5 http://rhn.redhat.com/errata/RHSA-2016-0726.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-0726.html
epss 0.87335 https://api.first.org/data/v1/epss?cve=CVE-2016-3718
cvssv3.1 5.5 https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
cvssv3.1 5.5 https://security.gentoo.org/glsa/201611-21
ssvc Track https://security.gentoo.org/glsa/201611-21
cvssv3.1 5.5 https://www.exploit-db.com/exploits/39767/
ssvc Track https://www.exploit-db.com/exploits/39767/
cvssv3.1 5.5 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
ssvc Track https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
cvssv3.1 5.5 https://www.imagemagick.org/script/changelog.php
ssvc Track https://www.imagemagick.org/script/changelog.php
cvssv3.1 5.5 http://www.debian.org/security/2016/dsa-3580
ssvc Track http://www.debian.org/security/2016/dsa-3580
cvssv3.1 5.5 http://www.openwall.com/lists/oss-security/2016/05/03/18
ssvc Track http://www.openwall.com/lists/oss-security/2016/05/03/18
cvssv3.1 5.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
ssvc Track http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
cvssv3.1 5.5 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
ssvc Track http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cvssv3.1 5.5 http://www.securityfocus.com/archive/1/538378/100/0/threaded
ssvc Track http://www.securityfocus.com/archive/1/538378/100/0/threaded
cvssv3.1 5.5 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
ssvc Track http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
cvssv3.1 5.5 http://www.ubuntu.com/usn/USN-2990-1
ssvc Track http://www.ubuntu.com/usn/USN-2990-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3718.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
1332802 https://bugzilla.redhat.com/show_bug.cgi?id=1332802
18 http://www.openwall.com/lists/oss-security/2016/05/03/18
201611-21 https://security.gentoo.org/glsa/201611-21
39767 https://www.exploit-db.com/exploits/39767/
ChangeLog http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
changelog.php https://www.imagemagick.org/script/changelog.php
dsa-3580 http://www.debian.org/security/2016/dsa-3580
msg00009.html https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
RHSA-2016:0726 https://access.redhat.com/errata/RHSA-2016:0726
RHSA-2016-0726.html http://rhn.redhat.com/errata/RHSA-2016-0726.html
threaded http://www.securityfocus.com/archive/1/538378/100/0/threaded
USN-2990-1 https://usn.ubuntu.com/2990-1/
USN-2990-1 http://www.ubuntu.com/usn/USN-2990-1
viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
viewtopic.php?f=4&t=29588 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Data source Exploit-DB
Date added May 4, 2016
Description ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick' Multiple Vulnerabilities
Ransomware campaign use Unknown
Source publication date May 4, 2016
Exploit type dos
Platform multiple
Source update date April 29, 2018
Data source KEV
Date added Nov. 3, 2021
Description ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.
Required action Apply updates per vendor instructions.
Due date May 3, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2016-3718
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
Attack Vector (AV): local; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/201611-21
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at https://security.gentoo.org/glsa/201611-21
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.exploit-db.com/exploits/39767/
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at https://www.exploit-db.com/exploits/39767/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.imagemagick.org/script/changelog.php
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at https://www.imagemagick.org/script/changelog.php
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.debian.org/security/2016/dsa-3580
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.debian.org/security/2016/dsa-3580
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.ubuntu.com/usn/USN-2990-1
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:43Z/ Found at http://www.ubuntu.com/usn/USN-2990-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.99411
EPSS Score 0.87335
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:31.275591+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2990-1/ 37.0.0