
CVE-2016-3714

Published: 5/5/2016
Last updated: 9/9/2024
Reserved: 3/30/2016

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

Version | Score | Severity | Vector String
3.1 | 8.4 | High | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-libMagickCore, ocsigen-start

Products affected (1)

Product | Vendor | Version
n/a | n/a | < 7.1-42661

References (60)