System	Score	Found at
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7976.json
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.6807	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.69004	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
epss	0.69004	https://api.first.org/data/v1/epss?cve=CVE-2016-7976
cvssv2	7.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7976.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-7976
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5653
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7976
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7977
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7978
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7979
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8602
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1382294		https://bugzilla.redhat.com/show_bug.cgi?id=1382294
839260		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839260
USN-3148-1		https://usn.ubuntu.com/3148-1/

Data source	Metasploit
Description	This module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. The PostScript (PS) target leverages a Ghostscript -dSAFER bypass (discovered by taviso) to achieve RCE in the Ghostscript delegate. Ghostscript versions 9.18 and later are affected. This target is provided as is and will not be updated to track additional vulns. If USE_POPEN is set to true, a |-prefixed command will be used for the exploit. No delegates are involved in this exploitation.
Note	Stability: - crash-safe SideEffects: [] Reliability: [] AKA: - ImageTragick RelatedModules: - exploit/unix/fileformat/ghostscript_type_confusion - exploit/multi/fileformat/ghostscript_failed_restore
Ransomware campaign use	Unknown
Source publication date	May 3, 2016
Platform	Unix
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/fileformat/imagemagick_delegate.rb

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7976.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Percentile	0.98514
EPSS Score	0.6807
Published At	July 31, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:40:13.641463+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/3148-1/	37.0.0