Vulnerability details: VCID-jhhp-g2b7-aaan
Vulnerability ID VCID-jhhp-g2b7-aaan
Aliases CVE-2016-3717
Summary The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3717.html
rhas Important https://access.redhat.com/errata/RHSA-2016:0726
epss 0.24199 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.39178 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.42676 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.45378 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.51526 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.83674 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
epss 0.88585 https://api.first.org/data/v1/epss?cve=CVE-2016-3717
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1332505
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
cvssv2 7.1 https://nvd.nist.gov/vuln/detail/CVE-2016-3717
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2016-3717
generic_textual Medium https://ubuntu.com/security/notices/USN-2990-1
generic_textual Medium http://www.openwall.com/lists/oss-security/2016/05/03/18
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
cvssv3.1 8.8 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Reference id Reference type URL
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3717.html
http://rhn.redhat.com/errata/RHSA-2016-0726.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3717.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5239
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://security.gentoo.org/glsa/201611-21
https://ubuntu.com/security/notices/USN-2990-1
https://www.exploit-db.com/exploits/39767/
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
https://www.imagemagick.org/script/changelog.php
http://www.debian.org/security/2016/dsa-3580
http://www.openwall.com/lists/oss-security/2016/05/03/18
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/archive/1/538378/100/0/threaded
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
http://www.ubuntu.com/usn/USN-2990-1
1332505 https://bugzilla.redhat.com/show_bug.cgi?id=1332505
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2016-3717 https://nvd.nist.gov/vuln/detail/CVE-2016-3717
RHSA-2016:0726 https://access.redhat.com/errata/RHSA-2016:0726
USN-2990-1 https://usn.ubuntu.com/2990-1/
Data source Exploit-DB
Date added May 4, 2016
Description ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick' Multiple Vulnerabilities
Ransomware campaign use Unknown
Source publication date May 4, 2016
Exploit type dos
Platform multiple
Source update date April 29, 2018
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3717
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3717
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.95788
EPSS Score 0.24199
Published At June 20, 2025, 12:55 p.m.