Vulnerability details: VCID-fha7-vanm-h3gn
Vulnerability ID VCID-fha7-vanm-h3gn
Aliases CVE-2016-3714
Summary
Status Published
Exploitability 2.0
Weighted Severity 7.6
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3.1 8.4 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
ssvc Act http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
cvssv3.1 8.4 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
cvssv3.1 8.4 http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
ssvc Act http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
cvssv3.1 8.4 http://rhn.redhat.com/errata/RHSA-2016-0726.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2016-0726.html
cvssv3 8.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3714.json
cvssv3.1 8.4 https://access.redhat.com/security/vulnerabilities/2296071
ssvc Act https://access.redhat.com/security/vulnerabilities/2296071
epss 0.93863 https://api.first.org/data/v1/epss?cve=CVE-2016-3714
cvssv3.1 8.4 https://bugzilla.redhat.com/show_bug.cgi?id=1332492
ssvc Act https://bugzilla.redhat.com/show_bug.cgi?id=1332492
cvssv3.1 8.4 https://imagetragick.com/
ssvc Act https://imagetragick.com/
cvssv3.1 8.4 https://security.gentoo.org/glsa/201611-21
ssvc Act https://security.gentoo.org/glsa/201611-21
cvssv3.1 8.4 https://www.exploit-db.com/exploits/39767/
ssvc Act https://www.exploit-db.com/exploits/39767/
cvssv3.1 8.4 https://www.exploit-db.com/exploits/39791/
ssvc Act https://www.exploit-db.com/exploits/39791/
cvssv3.1 8.4 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
ssvc Act https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
cvssv3.1 8.4 https://www.imagemagick.org/script/changelog.php
ssvc Act https://www.imagemagick.org/script/changelog.php
cvssv3.1 8.4 https://www.kb.cert.org/vuls/id/250519
ssvc Act https://www.kb.cert.org/vuls/id/250519
cvssv3.1 8.4 http://www.debian.org/security/2016/dsa-3580
ssvc Act http://www.debian.org/security/2016/dsa-3580
cvssv3.1 8.4 http://www.debian.org/security/2016/dsa-3746
ssvc Act http://www.debian.org/security/2016/dsa-3746
cvssv3.1 8.4 http://www.openwall.com/lists/oss-security/2016/05/03/13
ssvc Act http://www.openwall.com/lists/oss-security/2016/05/03/13
cvssv3.1 8.4 http://www.openwall.com/lists/oss-security/2016/05/03/18
ssvc Act http://www.openwall.com/lists/oss-security/2016/05/03/18
cvssv3.1 8.4 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
ssvc Act http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
cvssv3.1 8.4 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
ssvc Act http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cvssv3.1 8.4 http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
ssvc Act http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
cvssv3.1 8.4 http://www.securityfocus.com/archive/1/538378/100/0/threaded
ssvc Act http://www.securityfocus.com/archive/1/538378/100/0/threaded
cvssv3.1 8.4 http://www.securityfocus.com/bid/89848
ssvc Act http://www.securityfocus.com/bid/89848
cvssv3.1 8.4 http://www.securitytracker.com/id/1035742
ssvc Act http://www.securitytracker.com/id/1035742
cvssv3.1 8.4 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
ssvc Act http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
cvssv3.1 8.4 http://www.ubuntu.com/usn/USN-2990-1
ssvc Act http://www.ubuntu.com/usn/USN-2990-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3714.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830
1035742 http://www.securitytracker.com/id/1035742
13 http://www.openwall.com/lists/oss-security/2016/05/03/13
18 http://www.openwall.com/lists/oss-security/2016/05/03/18
201611-21 https://security.gentoo.org/glsa/201611-21
2296071 https://access.redhat.com/security/vulnerabilities/2296071
250519 https://www.kb.cert.org/vuls/id/250519
39767 https://www.exploit-db.com/exploits/39767/
39791 https://www.exploit-db.com/exploits/39791/
89848 http://www.securityfocus.com/bid/89848
ChangeLog http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
changelog.php https://www.imagemagick.org/script/changelog.php
CVE-2016-3714 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/39791.rb
CVE-2016-3718;CVE-2016-3717;CVE-2016-3716;CVE-2016-3715;CVE-2016-3714 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/39767.txt
dsa-3580 http://www.debian.org/security/2016/dsa-3580
dsa-3746 http://www.debian.org/security/2016/dsa-3746
imagemagick_delegate http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
imagetragick.com https://imagetragick.com/
ImageTragick-ImageMagick-Proof-Of-Concepts.html http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
RHSA-2016:0726 https://access.redhat.com/errata/RHSA-2016:0726
RHSA-2016-0726.html http://rhn.redhat.com/errata/RHSA-2016-0726.html
show_bug.cgi?id=1332492 https://bugzilla.redhat.com/show_bug.cgi?id=1332492
threaded http://www.securityfocus.com/archive/1/538378/100/0/threaded
USN-2990-1 https://usn.ubuntu.com/2990-1/
USN-2990-1 http://www.ubuntu.com/usn/USN-2990-1
viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
viewtopic.php?f=4&t=29588 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Data source KEV
Date added Sept. 9, 2024
Description ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Sept. 30, 2024
Note
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714
Ransomware campaign use Unknown
Data source Exploit-DB
Date added May 9, 2016
Description ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date May 9, 2016
Exploit type local
Platform multiple
Source update date April 29, 2018
Data source Metasploit
Description This module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. The PostScript (PS) target leverages a Ghostscript -dSAFER bypass (discovered by taviso) to achieve RCE in the Ghostscript delegate. Ghostscript versions 9.18 and later are affected. This target is provided as is and will not be updated to track additional vulns. If USE_POPEN is set to true, a |-prefixed command will be used for the exploit. No delegates are involved in this exploitation.
Note
Stability:
  - crash-safe
SideEffects: []
Reliability: []
AKA:
  - ImageTragick
RelatedModules:
  - exploit/unix/fileformat/ghostscript_type_confusion
  - exploit/multi/fileformat/ghostscript_failed_restore
Ransomware campaign use Unknown
Source publication date May 3, 2016
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/fileformat/imagemagick_delegate.rb
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
CVSS metrics and possible values:
Attack Vector (AV): network, adjacent_network, local, physical
Attack Complexity (AC): low, high
Privileges Required (PR): none, low, high
User Interaction (UI): none, required
Scope (S): unchanged, changed
Confidentiality Impact (C): high, low, none
Integrity Impact (I): high, low, none
Availability Impact (A): high, low, none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3714.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/vulnerabilities/2296071
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://access.redhat.com/security/vulnerabilities/2296071
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1332492
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=1332492
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://imagetragick.com/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://imagetragick.com/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201611-21
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://security.gentoo.org/glsa/201611-21
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/39767/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://www.exploit-db.com/exploits/39767/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/39791/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://www.exploit-db.com/exploits/39791/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.imagemagick.org/script/changelog.php
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://www.imagemagick.org/script/changelog.php
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.kb.cert.org/vuls/id/250519
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at https://www.kb.cert.org/vuls/id/250519
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3580
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.debian.org/security/2016/dsa-3580
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3746
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.debian.org/security/2016/dsa-3746
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/05/03/13
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.openwall.com/lists/oss-security/2016/05/03/13
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/89848
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.securityfocus.com/bid/89848
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1035742
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.securitytracker.com/id/1035742
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-2990-1
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-09-07T03:55:20Z/ Found at http://www.ubuntu.com/usn/USN-2990-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.9986
EPSS Score 0.93863
Published At Aug. 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:31.209259+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2990-1/ 37.0.0