CVE-2016-3718
KEV
🔴 Łataj teraz
Luki w ImageMagick umożliwiają ataki SSRF poprzez spreparowany obraz.
CVSS
5.5
EPSS
83.8%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
ssrf
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 5.5 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 83.8% |
| Opublikowano (NVD) | 2016-05-05 18:59:08 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 14:35:42 UTC |
Referencje
- http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog (secalert@redhat.com) [Patch, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html (secalert@redhat.com) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html (secalert@redhat.com) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html (secalert@redhat.com) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html (secalert@redhat.com) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html (secalert@redhat.com) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-0726.html (secalert@redhat.com) [Third Party Advisory]
- http://www.debian.org/security/2016/dsa-3580 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/05/03/18 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (secalert@redhat.com) [Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (secalert@redhat.com) [Third Party Advisory]
- http://www.securityfocus.com/archive/1/538378/100/0/threaded (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568 (secalert@redhat.com) [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2990-1 (secalert@redhat.com) [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- https://security.gentoo.org/glsa/201611-21 (secalert@redhat.com) [Third Party Advisory]
- https://www.exploit-db.com/exploits/39767/ (secalert@redhat.com) [Third Party Advisory, VDB Entry]
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 (secalert@redhat.com) [Vendor Advisory]
- https://www.imagemagick.org/script/changelog.php (secalert@redhat.com) [Release Notes]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3718 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]