Vulnerability details: VCID-912t-bu7t-aaak
Vulnerability ID VCID-912t-bu7t-aaak
Aliases CVE-2016-3716
Summary The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3716.html
rhas Important https://access.redhat.com/errata/RHSA-2016:0726
epss 0.21326 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
epss 0.28489 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
epss 0.40668 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
epss 0.4428 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
epss 0.61879 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
epss 0.79355 https://api.first.org/data/v1/epss?cve=CVE-2016-3716
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1332504
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-3716
cvssv3 3.3 https://nvd.nist.gov/vuln/detail/CVE-2016-3716
generic_textual Medium https://ubuntu.com/security/notices/USN-2990-1
generic_textual Medium http://www.openwall.com/lists/oss-security/2016/05/03/18
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Reference id Reference type URL
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3716.html
http://rhn.redhat.com/errata/RHSA-2016-0726.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3716.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://security.gentoo.org/glsa/201611-21
https://ubuntu.com/security/notices/USN-2990-1
https://www.exploit-db.com/exploits/39767/
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
https://www.imagemagick.org/script/changelog.php
http://www.debian.org/security/2016/dsa-3580
http://www.openwall.com/lists/oss-security/2016/05/03/18
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/archive/1/538378/100/0/threaded
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
http://www.ubuntu.com/usn/USN-2990-1
1332504 https://bugzilla.redhat.com/show_bug.cgi?id=1332504
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2016-3716 https://nvd.nist.gov/vuln/detail/CVE-2016-3716
RHSA-2016:0726 https://access.redhat.com/errata/RHSA-2016:0726
USN-2990-1 https://usn.ubuntu.com/2990-1/
Data source Exploit-DB
Date added May 4, 2016
Description ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick' Multiple Vulnerabilities
Ransomware campaign use Unknown
Source publication date May 4, 2016
Exploit type dos
Platform multiple
Source update date April 29, 2018
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3716
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3716
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.95368
EPSS Score 0.21326
Published At June 20, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.