Search for vulnerabilities
Vulnerability details: VCID-gkn1-7gcp-3ug5
Vulnerability ID VCID-gkn1-7gcp-3ug5
Aliases CVE-2016-3715
Summary
Status Published
Exploitability 2.0
Weighted Severity 5.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3.1 5.5 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
ssvc Track http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
cvssv3.1 5.5 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
cvssv3.1 5.5 http://rhn.redhat.com/errata/RHSA-2016-0726.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-0726.html
epss 0.86045 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.86045 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.86045 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.87814 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.87814 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
epss 0.88973 https://api.first.org/data/v1/epss?cve=CVE-2016-3715
cvssv3.1 5.5 https://security.gentoo.org/glsa/201611-21
ssvc Track https://security.gentoo.org/glsa/201611-21
cvssv3.1 5.5 https://www.exploit-db.com/exploits/39767/
ssvc Track https://www.exploit-db.com/exploits/39767/
cvssv3.1 5.5 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
ssvc Track https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
cvssv3.1 5.5 https://www.imagemagick.org/script/changelog.php
ssvc Track https://www.imagemagick.org/script/changelog.php
cvssv3.1 5.5 http://www.debian.org/security/2016/dsa-3580
ssvc Track http://www.debian.org/security/2016/dsa-3580
cvssv3.1 5.5 http://www.debian.org/security/2016/dsa-3746
ssvc Track http://www.debian.org/security/2016/dsa-3746
cvssv3.1 5.5 http://www.openwall.com/lists/oss-security/2016/05/03/18
ssvc Track http://www.openwall.com/lists/oss-security/2016/05/03/18
cvssv3.1 5.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
ssvc Track http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
cvssv3.1 5.5 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
ssvc Track http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cvssv3.1 5.5 http://www.securityfocus.com/archive/1/538378/100/0/threaded
ssvc Track http://www.securityfocus.com/archive/1/538378/100/0/threaded
cvssv3.1 5.5 http://www.securityfocus.com/bid/89852
ssvc Track http://www.securityfocus.com/bid/89852
cvssv3.1 5.5 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
ssvc Track http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
cvssv3.1 5.5 http://www.ubuntu.com/usn/USN-2990-1
ssvc Track http://www.ubuntu.com/usn/USN-2990-1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3715.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5240
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7800
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9830
1332500 https://bugzilla.redhat.com/show_bug.cgi?id=1332500
18 http://www.openwall.com/lists/oss-security/2016/05/03/18
201611-21 https://security.gentoo.org/glsa/201611-21
39767 https://www.exploit-db.com/exploits/39767/
89852 http://www.securityfocus.com/bid/89852
ChangeLog http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
changelog.php https://www.imagemagick.org/script/changelog.php
dsa-3580 http://www.debian.org/security/2016/dsa-3580
dsa-3746 http://www.debian.org/security/2016/dsa-3746
msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
RHSA-2016:0726 https://access.redhat.com/errata/RHSA-2016:0726
RHSA-2016-0726.html http://rhn.redhat.com/errata/RHSA-2016-0726.html
threaded http://www.securityfocus.com/archive/1/538378/100/0/threaded
USN-2990-1 https://usn.ubuntu.com/2990-1/
USN-2990-1 http://www.ubuntu.com/usn/USN-2990-1
viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
viewtopic.php?f=4&t=29588 https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Data source Exploit-DB
Date added May 4, 2016
Description ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
Ransomware campaign use Unknown
Source publication date May 4, 2016
Exploit type dos
Platform multiple
Source update date April 29, 2018
Data source KEV
Date added Nov. 3, 2021
Description ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.
Required action Apply updates per vendor instructions.
Due date May 3, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2016-3715
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0726.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/201611-21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at https://security.gentoo.org/glsa/201611-21
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.exploit-db.com/exploits/39767/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at https://www.exploit-db.com/exploits/39767/
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.imagemagick.org/script/changelog.php
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at https://www.imagemagick.org/script/changelog.php
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.debian.org/security/2016/dsa-3580
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.debian.org/security/2016/dsa-3580
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.debian.org/security/2016/dsa-3746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.debian.org/security/2016/dsa-3746
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.openwall.com/lists/oss-security/2016/05/03/18
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.securityfocus.com/archive/1/538378/100/0/threaded
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.securityfocus.com/bid/89852
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.securityfocus.com/bid/89852
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://www.ubuntu.com/usn/USN-2990-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-07T13:27:17Z/ Found at http://www.ubuntu.com/usn/USN-2990-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.99354
EPSS Score 0.86045
Published At Sept. 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:31.228602+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2990-1/ 37.0.0