VYPR
Get started
← All advisories
Medium severity5.5CISA KEVNVD Advisory· Published May 5, 2016· Updated Apr 22, 2026

CVE-2016-3718

CVE-2016-3718

Description

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Affected products

84
  • ImageMagick/Imagemagick3 versions
    cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <6.9.3-10
    • cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*
    • cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Debuginfo3 versions
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • SUSE S.A./Manager
    cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*
  • SUSE S.A./Manager Proxy
    cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
  • SUSE S.A./Openstack Cloud
    cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux4 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • OpenSUSE/Leap
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Oracle Corporation/Linux2 versions
    cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
    • cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
  • Oracle Corporation/Solaris2 versions
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
    • cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop2 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Eus7 versions
    cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Ibm Z Systems2 versions
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Ibm Z Systems Eus7 versions
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Big Endian2 versions
    cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Big Endian Eus7 versions
    cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Little Endian
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux For Power Little Endian Eus6 versions
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Hpc Node2 versions
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Hpc Node Eus
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server2 versions
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus5 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server From Rhui2 versions
    cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Supplementary Eus
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus4 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation2 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Desktop2 versions
    cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Server5 versions
    cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*+ 4 more
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Software Development Kit3 versions
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Workstation Extension2 versions
    cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

20

News mentions

0

No linked articles in our index yet.