High severity8.4CISA KEVNVD Advisory· Published May 5, 2016· Updated Apr 21, 2026
CVE-2016-3714
CVE-2016-3714
Description
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Affected products
12cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <=6.9.3-9
- cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
- cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
31- git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLognvdPatch
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlnvdThird Party Advisory
- packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.htmlnvdThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2016-0726.htmlnvdThird Party Advisory
- www.debian.org/security/2016/dsa-3580nvdThird Party Advisory
- www.debian.org/security/2016/dsa-3746nvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
- www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegatenvdThird Party Advisory
- www.securityfocus.com/archive/1/538378/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/89848nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1035742nvdThird Party AdvisoryVDB Entry
- www.slackware.com/security/viewer.phpnvdThird Party Advisory
- www.ubuntu.com/usn/USN-2990-1nvdThird Party Advisory
- access.redhat.com/security/vulnerabilities/2296071nvdThird Party Advisory
- imagetragick.comnvdVendor Advisory
- security.gentoo.org/glsa/201611-21nvdThird Party Advisory
- www.exploit-db.com/exploits/39767/nvdThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/39791/nvdThird Party AdvisoryVDB Entry
- www.imagemagick.org/discourse-server/viewtopic.phpnvdVendor Advisory
- www.imagemagick.org/script/changelog.phpnvdVendor Advisory
- www.kb.cert.org/vuls/id/250519nvdThird Party AdvisoryUS Government Resource
- www.openwall.com/lists/oss-security/2016/05/03/13nvdMailing List
- www.openwall.com/lists/oss-security/2016/05/03/18nvdMailing List
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.