Package ImageMagick updated to version 6.9.3.10-alt1 for branch sisyphus in task 164369.

Published: 2016-05-05

BDU:2016-01146

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (10.0)

References:

Published: 2016-05-05

BDU:2016-01573

Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю удалить произвольные файлы

Severity: MEDIUM (5.8)

References:

Published: 2017-03-15

BDU:2017-01647

Уязвимость компонента gnuplot консольного графического редактора ImageMagick и GraphicsMagick, позволяющая нарушителю выполнить произвольные команды

Severity: HIGH (7.5)

References:

Published: 2016-05-05
Modified: 2025-01-28

CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Severity: HIGH (8.4) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-05-05
Modified: 2025-04-02

CVE-2016-3715

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2016-05-05
Modified: 2024-11-21

CVE-2016-3716

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2016-05-05
Modified: 2024-11-21

CVE-2016-3717

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2016-05-05
Modified: 2025-04-02

CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2017-03-15
Modified: 2024-11-21

CVE-2016-5239

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package ImageMagick update in sisyphus on 2016-05-06

ALT-PU-2016-1456-1

Closed vulnerabilities

BDU:2016-01146

BDU:2016-01573

BDU:2017-01647

CVE-2016-3714

CVE-2016-3715

CVE-2016-3716

CVE-2016-3717

CVE-2016-3718

CVE-2016-5239